CVE-2007-0062

Current Description

Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before 3.1.1; and the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528; allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a malformed DHCP packet with a large dhcp-max-message-size that triggers a stack-based buffer overflow, related to servers configured to send many DHCP options to clients.

Basic Data

PublishedSeptember 21, 2007
Last ModifiedOctober 16, 2018
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-119
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactCOMPLETE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score10.0
SeverityHIGH
Exploitability Score10.0
Impact Score10.0
Obtain All Privilegetrue
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationVmwareAce1.0.3*******
    2.3ApplicationVmwareAce2.0*******
    2.3ApplicationVmwarePlayer1.0.4*******
    2.3ApplicationVmwarePlayer2.0*******
    2.3ApplicationVmwareServer1.0.3*******
    2.3ApplicationVmwareVmware Workstation6.0.1*******
    2.3ApplicationVmwareWorkstation3.4*******
    2.3ApplicationVmwareWorkstation4.0*******
    2.3ApplicationVmwareWorkstation4.0.1*******
    2.3ApplicationVmwareWorkstation4.0.2*******
    2.3ApplicationVmwareWorkstation4.5.2*******
    2.3ApplicationVmwareWorkstation5.5.0_build_13124*******
    2.3ApplicationVmwareWorkstation5.5.1*******
    2.3ApplicationVmwareWorkstation5.5.1_build_19175*******
    2.3ApplicationVmwareWorkstation5.5.3_build_34685*******
    2.3ApplicationVmwareWorkstation5.5.3_build_42958*******
    2.3ApplicationVmwareWorkstation5.5.4*******
    2.3ApplicationVmwareWorkstation5.5.4_build_44386*******
    2.3ApplicationVmwareWorkstation6.0*******

Vulnerable Software List

VendorProductVersions
Vmware Workstation 3.4, 4.0, 4.0.1, 4.0.2, 4.5.2, 5.5.0_build_13124, 5.5.1, 5.5.1_build_19175, 5.5.3_build_34685, 5.5.3_build_42958, 5.5.4, 5.5.4_build_44386, 6.0
Vmware Server 1.0.3
Vmware Ace 1.0.3, 2.0
Vmware Player 1.0.4, 2.0
Vmware Vmware Workstation 6.0.1

References

NameSourceURLTags
http://bugs.gentoo.org/show_bug.cgi?id=227135http://bugs.gentoo.org/show_bug.cgi?id=227135CONFIRM
20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Playerhttp://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.htmlFULLDISC
SUSE-SR:2009:005http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.htmlSUSE
26890http://secunia.com/advisories/26890SECUNIAVendor Advisory
27694http://secunia.com/advisories/27694SECUNIAVendor Advisory
27706http://secunia.com/advisories/27706SECUNIAVendor Advisory
31396http://secunia.com/advisories/31396SECUNIAVendor Advisory
34263http://secunia.com/advisories/34263SECUNIAVendor Advisory
GLSA-200711-23http://security.gentoo.org/glsa/glsa-200711-23.xmlGENTOO
GLSA-200808-05http://security.gentoo.org/glsa/glsa-200808-05.xmlGENTOO
http://wiki.rpath.com/Advisories:rPSA-2009-0041http://wiki.rpath.com/Advisories:rPSA-2009-0041CONFIRM
20070919 VMWare DHCP Server Remote Code Execution Vulnerabilitieshttp://www.iss.net/threats/275.htmlISSPatch
MDVSA-2009:153http://www.mandriva.com/security/advisories?name=MDVSA-2009:153MANDRIVA
20090312 rPSA-2009-0041-1 dhclient dhcp libdhcp4clienthttp://www.securityfocus.com/archive/1/501759/100/0/threadedBUGTRAQ
25729http://www.securityfocus.com/bid/25729BIDPatch
1018717http://www.securitytracker.com/id?1018717SECTRACK
USN-543-1http://www.ubuntu.com/usn/usn-543-1UBUNTU
http://www.vmware.com/support/ace/doc/releasenotes_ace.htmlhttp://www.vmware.com/support/ace/doc/releasenotes_ace.htmlCONFIRMPatch
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.htmlhttp://www.vmware.com/support/ace2/doc/releasenotes_ace2.htmlCONFIRMPatch
http://www.vmware.com/support/player/doc/releasenotes_player.htmlhttp://www.vmware.com/support/player/doc/releasenotes_player.htmlCONFIRMPatch
http://www.vmware.com/support/player2/doc/releasenotes_player2.htmlhttp://www.vmware.com/support/player2/doc/releasenotes_player2.htmlCONFIRMPatch
http://www.vmware.com/support/server/doc/releasenotes_server.htmlhttp://www.vmware.com/support/server/doc/releasenotes_server.htmlCONFIRMPatch
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.htmlhttp://www.vmware.com/support/ws55/doc/releasenotes_ws55.htmlCONFIRMPatch
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.htmlhttp://www.vmware.com/support/ws6/doc/releasenotes_ws6.htmlCONFIRMPatch
ADV-2007-3229http://www.vupen.com/english/advisories/2007/3229VUPENVendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=339561https://bugzilla.redhat.com/show_bug.cgi?id=339561CONFIRM
dhcp-param-overflow(33102)https://exchange.xforce.ibmcloud.com/vulnerabilities/33102XF