5 - CVE-2009-0177

Executive Summary

Informations
Name	CVE-2009-0177	First vendor Publication	2009-01-20
Vendor	Cve	Last vendor Modification	2017-10-19

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score	5	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

vmwarebase.dll, as used in the vmware-authd service (aka vmware-authd.exe), in VMware Workstation 6.5.1 build 126130, 6.5.1 and earlier; VMware Player 2.5.1 build 126130, 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 2.0.x before 2.0.1 build 156745; and VMware Fusion before 2.0.2 build 147997 allows remote attackers to cause a denial of service (daemon crash) via a long (1) USER or (2) PASS command.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0177

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-399	Resource Management Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:6433

Oval ID:	oval:org.mitre.oval:def:6433
Title:	VMware authd Service Lets Remote Users Deny Service
Description:	vmwarebase.dll, as used in the vmware-authd service (aka vmware-authd.exe), in VMware Workstation 6.5.1 build 126130, 6.5.1 and earlier; VMware Player 2.5.1 build 126130, 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 2.0.x before 2.0.1 build 156745; and VMware Fusion before 2.0.2 build 147997 allows remote attackers to cause a denial of service (daemon crash) via a long (1) USER or (2) PASS command.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-0177	Version:	1
Platform(s):	VMWare ESX Server 3 VMWare ESX Server 3.5	Product(s):
Definition Synopsis:
IF VMWare ESX Server 3.0.3 is installed AND Patch ESX303-200811401-BG is not installed OR VMWare ESX Server 3.0.2 is installed AND Patch ESX-1006980 is not installed OR VMware ESX Server 3.5.0 is installed AND Patch ESX350-200811401-SG is not installed

CPE : Common Platform Enumeration

Type	Description	Count
Application	Vmware Ace cpe:2.3:a:vmware:ace:2.5.1:::::::* cpe:2.3:a:vmware:ace:2.5.0:::::::* cpe:2.3:a:vmware:ace:2.0.5:::::::* cpe:2.3:a:vmware:ace:2.0.4:::::::* cpe:2.3:a:vmware:ace:2.0.3:::::::* cpe:2.3:a:vmware:ace:2.0.2:::::::* cpe:2.3:a:vmware:ace:2.0.1_build_55017:::::::* cpe:2.3:a:vmware:ace:2.0.1:::::::* cpe:2.3:a:vmware:ace:2.0:::::::* cpe:2.3:a:vmware:ace:1.0.7:::::::* cpe:2.3:a:vmware:ace:1.0.6:::::::* cpe:2.3:a:vmware:ace:1.0.5:::::::* cpe:2.3:a:vmware:ace:1.0.4:::::::* cpe:2.3:a:vmware:ace:1.0.3_build_54075:::::::* cpe:2.3:a:vmware:ace:1.0.3:::::::* cpe:2.3:a:vmware:ace:1.0.2:::::::* cpe:2.3:a:vmware:ace:1.0.1:::::::* cpe:2.3:a:vmware:ace:1.0.0:::::::* cpe:2.3:a:vmware:ace:1.0:::::::* cpe:2.3:a:vmware:ace::::::::	20
Application	Vmware Fusion cpe:2.3:a:vmware:fusion:2.0.1:::::::* cpe:2.3:a:vmware:fusion:2.0:::::::* cpe:2.3:a:vmware:fusion:1.1.3:::::::* cpe:2.3:a:vmware:fusion:1.1.2:::::::* cpe:2.3:a:vmware:fusion:1.1.1:::::::* cpe:2.3:a:vmware:fusion:1.1:::::::* cpe:2.3:a:vmware:fusion:1.0:::::::* cpe:2.3:a:vmware:fusion:::::::: cpe:2.3:a:vmware:fusion::::::mac_os_x::* cpe:2.3:a:vmware:fusion:::~~~mac_os_x~~:::::* cpe:2.3:a:vmware:fusion:-:::::::*	11
Application	Vmware Server cpe:2.3:a:vmware:server:2.0.0:::::::*	1
Application	Vmware Vmware Player cpe:2.3:a:vmware:vmware_player:2.5.1:::::::* cpe:2.3:a:vmware:vmware_player:2.5:::::::* cpe:2.3:a:vmware:vmware_player:2.0.5:::::::* cpe:2.3:a:vmware:vmware_player:2.0.4:::::::* cpe:2.3:a:vmware:vmware_player:2.0.3:::::::* cpe:2.3:a:vmware:vmware_player:2.0.2:::::::* cpe:2.3:a:vmware:vmware_player:2.0.1:::::::* cpe:2.3:a:vmware:vmware_player:2.0:::::::* cpe:2.3:a:vmware:vmware_player:1.05:::::::* cpe:2.3:a:vmware:vmware_player:1.01:::::::* cpe:2.3:a:vmware:vmware_player:1.0.9:::::::* cpe:2.3:a:vmware:vmware_player:1.0.8:::::::* cpe:2.3:a:vmware:vmware_player:1.0.7:::::::* cpe:2.3:a:vmware:vmware_player:1.0.6:::::::* cpe:2.3:a:vmware:vmware_player:1.0.5:::::::* cpe:2.3:a:vmware:vmware_player:1.0.4:::::::* cpe:2.3:a:vmware:vmware_player:1.0.3:::::::* cpe:2.3:a:vmware:vmware_player:1.0.2:::::::* cpe:2.3:a:vmware:vmware_player:1.0.1_build_19317:::::::* cpe:2.3:a:vmware:vmware_player:1.0.1:::::::* cpe:2.3:a:vmware:vmware_player:1.0.0:::::::*	21
Application	Vmware Vmware Workstation cpe:2.3:a:vmware:vmware_workstation:6.5.1:::::::* cpe:2.3:a:vmware:vmware_workstation:6.5:::::::* cpe:2.3:a:vmware:vmware_workstation:6.03:::::::* cpe:2.3:a:vmware:vmware_workstation:6.0.5:::::::* cpe:2.3:a:vmware:vmware_workstation:6.0.4:build_93057:::::: cpe:2.3:a:vmware:vmware_workstation:6.0.4:::::::* cpe:2.3:a:vmware:vmware_workstation:6.0.3:::::::* cpe:2.3:a:vmware:vmware_workstation:6.0.2:::::::* cpe:2.3:a:vmware:vmware_workstation:6.0.1:::::::* cpe:2.3:a:vmware:vmware_workstation:6.0.0.45731:::::::* cpe:2.3:a:vmware:vmware_workstation:6.0:::::::* cpe:2.3:a:vmware:vmware_workstation:5.5.8:::::::* cpe:2.3:a:vmware:vmware_workstation:5.5.7:::::::* cpe:2.3:a:vmware:vmware_workstation:5.5.6:::::::* cpe:2.3:a:vmware:vmware_workstation:5.5.5:::::::* cpe:2.3:a:vmware:vmware_workstation:5.5.4:::::::* cpe:2.3:a:vmware:vmware_workstation:5.5.3:::::::* cpe:2.3:a:vmware:vmware_workstation:5.5.2:::::::* cpe:2.3:a:vmware:vmware_workstation:5.5.1:::::::* cpe:2.3:a:vmware:vmware_workstation:5.5.0:::::::* cpe:2.3:a:vmware:vmware_workstation:5.0:::::::* cpe:2.3:a:vmware:vmware_workstation:4.5.3:::::::*	22

OpenVAS Exploits

Date	Description
2009-05-18	Name : VMware Products Multiple Vulnerabilities (Linux) Apr09 File : nvt/secpod_vmware_prdts_mult_vuln_lin_apr09.nasl
2009-05-18	Name : VMware Products Multiple Vulnerabilities (Win) Apr09 File : nvt/secpod_vmware_prdts_mult_vuln_win_apr09.nasl
2009-02-06	Name : VMware Products vmware-authd Denial of Service Vulnerability (Win) File : nvt/gb_vmware_prdts_dos_vuln_win.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
51180	VMware vmware-authd USER String Handling DoS

Information Assurance Vulnerability Management (IAVM)

Date	Description
2009-04-09	IAVM : 2009-B-0015 - Multiple Vulnerabilities in VMware Severity : Category I - VMSKEY : V0018638

Nessus® Vulnerability Scanner

Date	Description
2009-07-27	Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2009-0005.nasl - Type : ACT_GATHER_INFO
2009-07-27	Name : The remote VMware ESXi / ESX host is missing a security-related patch. File : vmware_VMSA-2009-0006.nasl - Type : ACT_GATHER_INFO
2009-04-09	Name : The remote host has an application that is affected by multiple issues. File : vmware_multiple_vmsa_2009_0005.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source	Url
BID	http://www.securityfocus.com/bid/34373
CONFIRM	http://www.vmware.com/security/advisories/VMSA-2009-0005.html
EXPLOIT-DB	https://www.exploit-db.com/exploits/7647
FULLDISC	http://seclists.org/fulldisclosure/2009/Apr/0036.html
MLIST	http://lists.vmware.com/pipermail/security-announce/2009/000054.html
OSVDB	http://osvdb.org/51180
OVAL	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
SECTRACK	http://www.securitytracker.com/id?1021512
SECUNIA	http://secunia.com/advisories/33372 http://secunia.com/advisories/34601
VUPEN	http://www.vupen.com/english/advisories/2009/0024 http://www.vupen.com/english/advisories/2009/0944

Alert History

If you want to see full details history, please login or register.

Date	Informations
2021-05-04 12:09:01	Multiple Updates
2021-04-22 01:09:22	Multiple Updates
2020-05-23 01:39:56	Multiple Updates
2020-05-23 00:23:14	Multiple Updates
2019-02-08 12:01:34	Multiple Updates
2018-10-04 12:05:15	Multiple Updates
2017-10-19 09:23:58	Multiple Updates
2017-09-29 09:24:01	Multiple Updates
2016-06-28 17:33:36	Multiple Updates
2016-04-26 18:33:54	Multiple Updates
2014-02-17 10:48:25	Multiple Updates
2013-11-11 12:38:10	Multiple Updates
2013-05-10 23:42:26	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	1
CPE ID(s)	75
Sources(s)	12
osvdb(s)	1
Openvas Exploit(s)	3
IAVM(s)	1
Nessus® Exploit(s)	3

	Related
9.3	VMSA-2009-0005
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)

5 - CVE-2009-0177

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Information Assurance Vulnerability Management (IAVM)

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU