CVE-2009-4811

CWE-134 — Uncontrolled Format String5 documents4 sources

Severity

5.0MEDIUM

EPSS

1.3%

top 20.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware ACE Vmware Player Vmware Server +1 more

Timeline

PublishedApr 27

Latest updateMay 2

Description

VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \x25\x90 sequence in the USER and PASS commands, a related issue t…

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages4 packages

▶NVDvmware/player7 versions+6

▶NVDvmware/server2.0.0, 2.0.1, 2.0.2+2

▶NVDvmware/workstation7 versions+6

▶NVDvmware/ace7 versions+6

Patches

Patch: lists.vmware.com ↗Patch: www.vmware.com ↗Patch: lists.vmware.com ↗

🔴Vulnerability Details

GHSA

GHSA-8jq2-g365-87pp: VMware Authentication Daemon 1↗2022-05-02

▶

CVEList

CVE-2009-4811: VMware Authentication Daemon 1↗2010-04-27

▶

💬Community

Bugzilla

pgpoolAdmin: multiple vulnerabilities in embedded Smarty (2.6.13)↗2010-09-22

▶