VDB
CVE-2009-4811
CVE-2009-4811
PUBLISHED
CVSS 5 MEDIUM
VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \x25\x90 sequence in the USER and PASS commands, a related issue to CVE-2009-3707. NOTE: some of these details are obtained from third party information.
EPSS 1.28% · 79.9th percentile
Risk Scores
CVSS 2.0
5
EPSS Score
1.28%
79.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| vmware | server | 2.0.0, 2.0.2, 2.0.1 |
| n/a | n/a | n/a |
| vmware | ace | 2.5.4, 2.5.3, 2.5.1 |
| vmware | player | 2.5.1, 2.5, 2.5.2 |
| vmware | workstation | 6.5.1, 6.5.0, 7.0.1 |
Timeline
- Apr 27, 2010 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 2, 2022 CVE Updated
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- GLSA-201209-25 vendor-advisory
- 36630 vdb
- http://www.vmware.com/security/advisories/VMSA-2010-0007.html url
- [security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues mailing-list
- 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues mailing-list
- http://freetexthost.com/qr1tffkzpu url
- http://pocoftheday.blogspot.com/2009/10/vmware-server-20x-remote-dos-exploit.html url
- 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues mailing-list
- https://nvd.nist.gov/vuln/detail/CVE-2009-4811 advisory