Vulnerability Description
Heap-based buffer overflow in the NAT networking components vmnat.exe and vmnet-natd in VMWare Workstation 5.5, GSX Server 3.2, ACE 1.0.1, and Player 1.0 allows remote authenticated attackers, including guests, to execute arbitrary code via crafted (1) EPRT and (2) PORT FTP commands.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vmware | Ace | 1.0 |
| Vmware | Gsx Server | 2.0 |
| Vmware | Player | 1.0.0 |
| Vmware | Workstation | 3.2.1 |
Related Weaknesses (CWE)
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040442.htmlExploit
- http://secunia.com/advisories/18162PatchVendor Advisory
- http://secunia.com/advisories/18344Vendor Advisory
- http://securityreason.com/securityalert/282
- http://securityreason.com/securityalert/289
- http://securitytracker.com/id?1015401
- http://www.gentoo.org/security/en/glsa/glsa-200601-04.xml
- http://www.kb.cert.org/vuls/id/856689US Government Resource
- http://www.securityfocus.com/archive/1/419997/100/0/threaded
- http://www.securityfocus.com/archive/1/420017/100/0/threaded
- http://www.securityfocus.com/bid/15998Patch
- http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2000Patch
- http://www.vupen.com/english/advisories/2005/3013Vendor Advisory
- http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040442.htmlExploit
- http://secunia.com/advisories/18162PatchVendor Advisory
FAQ
What is CVE-2005-4459?
CVE-2005-4459 is a vulnerability with a CVSS score of 10.0 (HIGH). Heap-based buffer overflow in the NAT networking components vmnat.exe and vmnet-natd in VMWare Workstation 5.5, GSX Server 3.2, ACE 1.0.1, and Player 1.0 allows remote authenticated attackers, includi...
How severe is CVE-2005-4459?
CVE-2005-4459 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-4459?
Check the references section above for vendor advisories and patch information. Affected products include: Vmware Ace, Vmware Gsx Server, Vmware Player, Vmware Workstation.