CVE-2007-0062

Current Description

Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before 3.1.1; and the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528; allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a malformed DHCP packet with a large dhcp-max-message-size that triggers a stack-based buffer overflow, related to servers configured to send many DHCP options to clients.

Basic Data

Published	September 21, 2007
Last Modified	October 16, 2018
Assigner	cve@mitre.org
Data Type	CVE
Data Format	MITRE
Data Version	4.0
Problem Type	CWE-119
CVE Data Version	4.0

Base Metric V2

CVSS 2 - Version	2.0
CVSS 2 - Vector String	AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector	NETWORK
CVSS 2 - Access Complexity	LOW
CVSS 2 - Authentication	NONE
CVSS 2 - Confidentiality Impact	COMPLETE
CVSS 2 - Availability Impact	COMPLETE
CVSS 2 - Base Score	10.0
Severity	HIGH
Exploitability Score	10.0
Impact Score	10.0
Obtain All Privilege	true
Obtain User Privilege	false
Obtain Other Privilege	false

Base Metric V3

No data provided.

Configurations

OR - Configuration 1

Cpe Version	Part	Vendor	Product	Version	Update	Edition	Language	SW Edition	Target SW	Target HW	Other
2.3	Application	Vmware	Ace	1.0.3	*	*	*	*	*	*	*
2.3	Application	Vmware	Ace	2.0	*	*	*	*	*	*	*
2.3	Application	Vmware	Player	1.0.4	*	*	*	*	*	*	*
2.3	Application	Vmware	Player	2.0	*	*	*	*	*	*	*
2.3	Application	Vmware	Server	1.0.3	*	*	*	*	*	*	*
2.3	Application	Vmware	Vmware Workstation	6.0.1	*	*	*	*	*	*	*
2.3	Application	Vmware	Workstation	3.4	*	*	*	*	*	*	*
2.3	Application	Vmware	Workstation	4.0	*	*	*	*	*	*	*
2.3	Application	Vmware	Workstation	4.0.1	*	*	*	*	*	*	*
2.3	Application	Vmware	Workstation	4.0.2	*	*	*	*	*	*	*
2.3	Application	Vmware	Workstation	4.5.2	*	*	*	*	*	*	*
2.3	Application	Vmware	Workstation	5.5.0_build_13124	*	*	*	*	*	*	*
2.3	Application	Vmware	Workstation	5.5.1	*	*	*	*	*	*	*
2.3	Application	Vmware	Workstation	5.5.1_build_19175	*	*	*	*	*	*	*
2.3	Application	Vmware	Workstation	5.5.3_build_34685	*	*	*	*	*	*	*
2.3	Application	Vmware	Workstation	5.5.3_build_42958	*	*	*	*	*	*	*
2.3	Application	Vmware	Workstation	5.5.4	*	*	*	*	*	*	*
2.3	Application	Vmware	Workstation	5.5.4_build_44386	*	*	*	*	*	*	*
2.3	Application	Vmware	Workstation	6.0	*	*	*	*	*	*	*

Vulnerable Software List

Vendor	Product	Versions
Vmware	Workstation	3.4, 4.0, 4.0.1, 4.0.2, 4.5.2, 5.5.0_build_13124, 5.5.1, 5.5.1_build_19175, 5.5.3_build_34685, 5.5.3_build_42958, 5.5.4, 5.5.4_build_44386, 6.0
Vmware	Server	1.0.3
Vmware	Ace	1.0.3, 2.0
Vmware	Player	1.0.4, 2.0
Vmware	Vmware Workstation	6.0.1

References

Name	Source	URL	Tags
http://bugs.gentoo.org/show_bug.cgi?id=227135	http://bugs.gentoo.org/show_bug.cgi?id=227135	CONFIRM
20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player	http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html	FULLDISC
SUSE-SR:2009:005	http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html	SUSE
26890	http://secunia.com/advisories/26890	SECUNIA	Vendor Advisory
27694	http://secunia.com/advisories/27694	SECUNIA	Vendor Advisory
27706	http://secunia.com/advisories/27706	SECUNIA	Vendor Advisory
31396	http://secunia.com/advisories/31396	SECUNIA	Vendor Advisory
34263	http://secunia.com/advisories/34263	SECUNIA	Vendor Advisory
GLSA-200711-23	http://security.gentoo.org/glsa/glsa-200711-23.xml	GENTOO
GLSA-200808-05	http://security.gentoo.org/glsa/glsa-200808-05.xml	GENTOO
http://wiki.rpath.com/Advisories:rPSA-2009-0041	http://wiki.rpath.com/Advisories:rPSA-2009-0041	CONFIRM
20070919 VMWare DHCP Server Remote Code Execution Vulnerabilities	http://www.iss.net/threats/275.html	ISS	PATCH
MDVSA-2009:153	http://www.mandriva.com/security/advisories?name=MDVSA-2009:153	MANDRIVA
20090312 rPSA-2009-0041-1 dhclient dhcp libdhcp4client	http://www.securityfocus.com/archive/1/501759/100/0/threaded	BUGTRAQ
25729	http://www.securityfocus.com/bid/25729	BID	PATCH
1018717	http://www.securitytracker.com/id?1018717	SECTRACK
USN-543-1	http://www.ubuntu.com/usn/usn-543-1	UBUNTU
http://www.vmware.com/support/ace/doc/releasenotes_ace.html	http://www.vmware.com/support/ace/doc/releasenotes_ace.html	CONFIRM	PATCH
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html	http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html	CONFIRM	PATCH
http://www.vmware.com/support/player/doc/releasenotes_player.html	http://www.vmware.com/support/player/doc/releasenotes_player.html	CONFIRM	PATCH
http://www.vmware.com/support/player2/doc/releasenotes_player2.html	http://www.vmware.com/support/player2/doc/releasenotes_player2.html	CONFIRM	PATCH
http://www.vmware.com/support/server/doc/releasenotes_server.html	http://www.vmware.com/support/server/doc/releasenotes_server.html	CONFIRM	PATCH
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html	http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html	CONFIRM	PATCH
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html	http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html	CONFIRM	PATCH
ADV-2007-3229	http://www.vupen.com/english/advisories/2007/3229	VUPEN	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=339561	https://bugzilla.redhat.com/show_bug.cgi?id=339561	CONFIRM
dhcp-param-overflow(33102)	https://exchange.xforce.ibmcloud.com/vulnerabilities/33102	XF