| Short Name | APP:VMAUTH-FS |
|---|---|
| Severity | Major |
| Recommended | No |
| Recommended Action | Drop |
| Category | APP |
| Keywords | VMware Authorization Service User Credential Parsing Denial of Service |
| Release Date | 2011/07/18 |
| Update Number | 1956 |
| Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |

A denial of service vulnerability has been reported in the authorization service of some VMware products. The flaw is due to a design error when processing login requests. An attacker can exploit this vulnerability by supplying malicious USER or PASS strings to the target host. Successful exploitation would result in the termination of the "vmware-authd" process, causing a denial of service condition.
VMware Player and Workstation are prone to a remote denial-of-service vulnerability because the applications fail to perform adequate validation checks on user-supplied input. An attacker can exploit this issue to crash the 'vmware-authd' process, denying service to legitimate users. NOTE: This issue was also covered in BID 39345 (VMware Hosted Products VMSA-2010-0007 Multiple Remote and Local Vulnerabilities); this BID is being retained to properly document the issue.