VMware GSX Server Authorization Service buffer overflow
| vmware-gsx-auth-bo (9663) |  High Risk |
Description:
VMware GSX Server is vulnerable to a buffer overflow in the Authorization Service. By sending a specially-crafted GLOBAL command during the authorization process, a remote attacker could overflow a buffer and execute commands on the vulnerable server. An attacker could use this vulnerability to gain administrative access to the server.
Consequences:
Gain Access
Remedy:
Upgrade to the latest version of VMware GSX Server (2.0.1 build 2129 or later), or apply the Authorization Service patch, available from the VMware Web site. See References.
References:
- BugTraq Mailing List, Thu Jul 25 2002 - 20:48:43 CDT: Re: VMware GSX Server Remote Buffer Overflow.
- BugTraq Mailing List, Wed Jul 24 2002 - 05:31:34 CDT: VMware GSX Server Remote Buffer Overflow.
- NTBugTraq Mailing List, Mon, 5 Aug 2002 22:54:01 -0400: VMware GSX Server 2.0.1 Release and Security Alert.
- VMware Web site: VMware Server Products.
- VMWare Web site: VMware GSX Server -- Download Security Updates.
- BID-5294: VMWare GSX Server Authentication Server Buffer Overflow Vulnerability
- CVE-2002-0814: Buffer overflow in VMware Authorization Service for VMware GSX Server 2.0.0 build-2050 allows remote authenticated users to execute arbitrary code via a long GLOBAL argument.
Platforms Affected:
- VMware GSX Server 2.0.0_build_2050
Reported:
Jul 24, 2002
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net