SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   VMware GSX Server Vendors:   VMware
(Vendor Issues Patch) Re: VMware GSX Server Buffer Overflow in VMware Authorization Service 'GLOBAL' Parameter Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1004846
SecurityTracker URL:  http://securitytracker.com/id/1004846
CVE Reference:   CVE-2002-0814   (Links to External Site)
Updated:  Feb 21 2004
Original Entry Date:  Jul 26 2002
Impact:   Execution of arbitrary code via network, Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2.0.0 build-2050
Description:   A buffer overflow vulnerability was reported in the VMware GSX Server. A remote authenticated user can execute arbitrary code on the system.

A remote authenticated user can reportedly connect to the VMware Authorization Service on TCP port 902 and send a specially crafted GLOBAL command to trigger the buffer overflow. According to the report, this can cause arbitrary code to be executed with administrator privileges.

It may be possible for the remote user to exploit the flaw using a guest account.

Demonstration exploit code is provided in the Source Message.

Impact:   A remote authenticated user can execute arbitrary code on the system with administrator privileges.
Solution:   The vendor has issued a patch for VMware GSX Server 2.0.0 (for Windows) build 2050, available at:

http://www.vmware.com/download/gsx_security.html

Also, the vendor plans to release an update to VMware GSX Server 2.0 shortly that incorporates a fix to this vulnerability.

Vendor URL:  www.vmware.com/products/server/gsx_features.html (Links to External Site)
Cause:   Boundary error
Underlying OS:  Windows (NT), Windows (2000)
Underlying OS Comments:  Only the Windows version has been tested

Message History:   This archive entry is a follow-up to the message listed below.
Jul 25 2002 VMware GSX Server Buffer Overflow in VMware Authorization Service 'GLOBAL' Parameter Lets Remote Users Execute Arbitrary Code



 Source Message Contents

Subject:  Re: VMware GSX Server Remote Buffer Overflow


In-Reply-To: <20020724103134.6884.qmail@mail.securityfocus.com>

VMware has confirmed this vulnerability in VMware GSX Server 2.0.0 (for 
Windows) build 2050.  Our testing also confirms that no other VMware 
products are vulnerable to the posted exploit.

We have created a patch for the vulnerability.  Users of VMware GSX Server 
2.0.0 (for Windows) build 2050 should go to 
http://www.vmware.com/download/gsx_security.html to download the VMware 
Authorization Service patch.

We will be releasing an update to VMware GSX Server 2.0 shortly that 
incorporates a fix to this vulnerability.

We want to thank the author of the original post for identifying this 
vulnerability.

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC