ID CVE-2009-1805
Summary Unspecified vulnerability in the VMware Descheduled Time Accounting driver in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745, VMware Fusion 2.x before 2.0.2 build 147997, VMware ESXi 3.5, and VMware ESX 3.0.2, 3.0.3, and 3.5, when the Descheduled Time Accounting Service is not running, allows guest OS users on Windows to cause a denial of service via unknown vectors.
References
Vulnerable Configurations
  • VMWare ACE 1.0
    cpe:2.3:a:vmware:ace:1.0
  • cpe:2.3:a:vmware:ace:1.0.0
    cpe:2.3:a:vmware:ace:1.0.0
  • VMware ACE 1.0.1
    cpe:2.3:a:vmware:ace:1.0.1
  • VMware ACE 1.0.2
    cpe:2.3:a:vmware:ace:1.0.2
  • VMWare ACE 1.0.3
    cpe:2.3:a:vmware:ace:1.0.3
  • VMWare ACE 1.0.3 Build 54075
    cpe:2.3:a:vmware:ace:1.0.3_build_54075
  • VMware ACE 1.0.4
    cpe:2.3:a:vmware:ace:1.0.4
  • VMware ACE 1.0.5
    cpe:2.3:a:vmware:ace:1.0.5
  • VMware ACE 1.0.6
    cpe:2.3:a:vmware:ace:1.0.6
  • VMware ACE 1.0.7
    cpe:2.3:a:vmware:ace:1.0.7
  • VMWare ACE 2.0
    cpe:2.3:a:vmware:ace:2.0
  • VMware ACE 2.0.1
    cpe:2.3:a:vmware:ace:2.0.1
  • VMWare ACE 2 2.0.1.55017
    cpe:2.3:a:vmware:ace:2.0.1_build_55017
  • VMware ACE 2.0.2
    cpe:2.3:a:vmware:ace:2.0.2
  • VMware ACE 2.0.3
    cpe:2.3:a:vmware:ace:2.0.3
  • VMware ACE 2.0.4
    cpe:2.3:a:vmware:ace:2.0.4
  • VMware ACE 2.0.5
    cpe:2.3:a:vmware:ace:2.0.5
  • cpe:2.3:a:vmware:ace:2.5.0
    cpe:2.3:a:vmware:ace:2.5.0
  • cpe:2.3:a:vmware:ace:2.5.1
    cpe:2.3:a:vmware:ace:2.5.1
  • cpe:2.3:a:vmware:esx:3.0.2
    cpe:2.3:a:vmware:esx:3.0.2
  • cpe:2.3:a:vmware:esx:3.0.3
    cpe:2.3:a:vmware:esx:3.0.3
  • cpe:2.3:a:vmware:esx:3.5
    cpe:2.3:a:vmware:esx:3.5
  • cpe:2.3:a:vmware:esxi:3.5
    cpe:2.3:a:vmware:esxi:3.5
  • cpe:2.3:a:vmware:fusion:2.0
    cpe:2.3:a:vmware:fusion:2.0
  • cpe:2.3:a:vmware:fusion:2.0.1
    cpe:2.3:a:vmware:fusion:2.0.1
  • VMware Player 1.0.0
    cpe:2.3:a:vmware:player:1.0.0
  • VMware Player 1.0.1
    cpe:2.3:a:vmware:player:1.0.1
  • VMware Player 1.0.2
    cpe:2.3:a:vmware:player:1.0.2
  • VMware Player 1.0.3
    cpe:2.3:a:vmware:player:1.0.3
  • VMWare Player 1.0.4
    cpe:2.3:a:vmware:player:1.0.4
  • VMware Player 1.0.5
    cpe:2.3:a:vmware:player:1.0.5
  • VMware Player 1.0.6
    cpe:2.3:a:vmware:player:1.0.6
  • VMware Player 1.0.7
    cpe:2.3:a:vmware:player:1.0.7
  • VMware Player 1.0.8
    cpe:2.3:a:vmware:player:1.0.8
  • VMWare Player 2.0
    cpe:2.3:a:vmware:player:2.0
  • VMware Player 2.0.1
    cpe:2.3:a:vmware:player:2.0.1
  • VMware Player 2.0.2
    cpe:2.3:a:vmware:player:2.0.2
  • VMware Player 2.0.3
    cpe:2.3:a:vmware:player:2.0.3
  • VMware Player 2.0.4
    cpe:2.3:a:vmware:player:2.0.4
  • VMware Player 2.0.5
    cpe:2.3:a:vmware:player:2.0.5
  • VMware Player 2.5
    cpe:2.3:a:vmware:player:2.5
  • VMware Player 2.5.1
    cpe:2.3:a:vmware:player:2.5.1
  • VMWare VMware Server 1.0
    cpe:2.3:a:vmware:server:1.0
  • VMWare Server 1.0.1
    cpe:2.3:a:vmware:server:1.0.1
  • VMWare VMware Server 1.0.1.29996
    cpe:2.3:a:vmware:server:1.0.1_build_29996
  • VMWare Server 1.0.2
    cpe:2.3:a:vmware:server:1.0.2
  • VMWare Server 1.0.3
    cpe:2.3:a:vmware:server:1.0.3
  • VMWare Server 1.0.4
    cpe:2.3:a:vmware:server:1.0.4
  • VMWare VMware Server 1.0.4.56528
    cpe:2.3:a:vmware:server:1.0.4_build_56528
  • VMWare Server 1.0.5
    cpe:2.3:a:vmware:server:1.0.5
  • VMWare Server 1.0.6
    cpe:2.3:a:vmware:server:1.0.6
  • VMWare Server 1.0.7
    cpe:2.3:a:vmware:server:1.0.7
  • VMWare Server 1.0.8
    cpe:2.3:a:vmware:server:1.0.8
  • cpe:2.3:a:vmware:server:2.0
    cpe:2.3:a:vmware:server:2.0
  • cpe:2.3:a:vmware:workstation:1.0.1
    cpe:2.3:a:vmware:workstation:1.0.1
  • cpe:2.3:a:vmware:workstation:1.0.2
    cpe:2.3:a:vmware:workstation:1.0.2
  • cpe:2.3:a:vmware:workstation:1.0.4
    cpe:2.3:a:vmware:workstation:1.0.4
  • cpe:2.3:a:vmware:workstation:1.0.5
    cpe:2.3:a:vmware:workstation:1.0.5
  • cpe:2.3:a:vmware:workstation:1.1
    cpe:2.3:a:vmware:workstation:1.1
  • cpe:2.3:a:vmware:workstation:1.1.1
    cpe:2.3:a:vmware:workstation:1.1.1
  • cpe:2.3:a:vmware:workstation:1.1.2
    cpe:2.3:a:vmware:workstation:1.1.2
  • VMWare VMWare 2.0
    cpe:2.3:a:vmware:workstation:2.0
  • VMWare VMWare 2.0.1
    cpe:2.3:a:vmware:workstation:2.0.1
  • VMWare VMWare Workstation 3.2.1 patch1
    cpe:2.3:a:vmware:workstation:3.2.1:patch1
  • VMWare VMWare Workstation 3.4
    cpe:2.3:a:vmware:workstation:3.4
  • VMWare VMWare Workstation 4.0
    cpe:2.3:a:vmware:workstation:4.0
  • VMWare VMWare Workstation 4.0.1
    cpe:2.3:a:vmware:workstation:4.0.1
  • VMWare VMWare Workstation 4.0.1 build5289
    cpe:2.3:a:vmware:workstation:4.0.1_build_5289
  • VMWare VMWare Workstation 4.0.2
    cpe:2.3:a:vmware:workstation:4.0.2
  • VMWare VMWare Workstation 4.5.2
    cpe:2.3:a:vmware:workstation:4.5.2
  • VMWare VMWare Workstation 4.5.2 build8848
    cpe:2.3:a:vmware:workstation:4.5.2_build_8848
  • cpe:2.3:a:vmware:workstation:4.5.2_build_8848:r4
    cpe:2.3:a:vmware:workstation:4.5.2_build_8848:r4
  • VMWare VMWare 5
    cpe:2.3:a:vmware:workstation:5
  • cpe:2.3:a:vmware:workstation:5.0.0
    cpe:2.3:a:vmware:workstation:5.0.0
  • VMWare VMWare Workstation 5.0.0 build13124
    cpe:2.3:a:vmware:workstation:5.0.0_build_13124
  • VMWare VMWare 5.5
    cpe:2.3:a:vmware:workstation:5.5
  • cpe:2.3:a:vmware:workstation:5.5.0
    cpe:2.3:a:vmware:workstation:5.5.0
  • VMWare VMWare Workstation 5.5.0 build13124
    cpe:2.3:a:vmware:workstation:5.5.0_build_13124
  • VMWare VMWare Workstation 5.5.1
    cpe:2.3:a:vmware:workstation:5.5.1
  • VMWare VMWare Workstation 5.5.1 build19175
    cpe:2.3:a:vmware:workstation:5.5.1_build_19175
  • VMWare VMWare 5.5.2
    cpe:2.3:a:vmware:workstation:5.5.2
  • VMWare VMWare 5.5.3
    cpe:2.3:a:vmware:workstation:5.5.3
  • cpe:2.3:a:vmware:workstation:5.5.3:42958
    cpe:2.3:a:vmware:workstation:5.5.3:42958
  • VMWare VMWare Workstation 5.5.3 build 34685
    cpe:2.3:a:vmware:workstation:5.5.3_build_34685
  • VMWare VMWare Workstation 5.5.3 build 42958
    cpe:2.3:a:vmware:workstation:5.5.3_build_42958
  • VMWare VMWare 5.5.4
    cpe:2.3:a:vmware:workstation:5.5.4
  • VMWare VMWare Workstation 5.5.4 build 44386
    cpe:2.3:a:vmware:workstation:5.5.4_build_44386
  • VMWare VMWare 5.5.5
    cpe:2.3:a:vmware:workstation:5.5.5
  • VMWare VMWare Workstation 5.5.5.56455
    cpe:2.3:a:vmware:workstation:5.5.5_build_56455
  • VMWare VMWare 5.5.6
    cpe:2.3:a:vmware:workstation:5.5.6
  • VMWare VMWare 5.5.7
    cpe:2.3:a:vmware:workstation:5.5.7
  • VMWare VMWare 5.5.9
    cpe:2.3:a:vmware:workstation:5.5.8
  • VMWare VMWare 6.0
    cpe:2.3:a:vmware:workstation:6.0
  • VMWare Workstation 6.0.1
    cpe:2.3:a:vmware:workstation:6.0.1
  • VMWare VMWare Workstation 6.0.1.55017
    cpe:2.3:a:vmware:workstation:6.0.1_build_55017
  • VMWare Workstation 6.0.2
    cpe:2.3:a:vmware:workstation:6.0.2
  • VMWare Workstation 6.0.3
    cpe:2.3:a:vmware:workstation:6.0.3
  • VMWare Workstation 6.0.4
    cpe:2.3:a:vmware:workstation:6.0.4
  • VMWare Workstation 6.0.5
    cpe:2.3:a:vmware:workstation:6.0.5
  • cpe:2.3:a:vmware:workstation:6.5
    cpe:2.3:a:vmware:workstation:6.5
  • VMWare Workstation 6.5.1
    cpe:2.3:a:vmware:workstation:6.5.1
CVSS
Base: 4.0 (as of 02-06-2009 - 08:25)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
LOCAL HIGH NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
nessus via4
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2009-0007.NASL
    description a. VMware Descheduled Time Accounting driver vulnerability may cause a denial of service in Windows based virtual machines. The VMware Descheduled Time Accounting Service is an optional, experimental service that provides improved guest operating system accounting. This patch fixes a denial of service vulnerability that could be triggered in a virtual machine by an unprivileged, locally logged-on user in the virtual machine. Virtual machines are affected under the following conditions : - The virtual machine is running a Windows operating system. - The VMware Descheduled Time Accounting driver is installed in the virtual machine. Note that this is an optional (non- default) part of the VMware Tools installation. - The VMware Descheduled Time Accounting Service is not running in the virtual machine The VMware Descheduled Time Accounting Service is no longer provided in newer versions of VMware Tools, starting with the versions released in Fusion 2.0.2 and ESX 4.0. However, virtual machines migrated from vulnerable releases will still be vulnerable if the three conditions listed above are met, until their tools are upgraded. Steps needed to remediate this vulnerability : Guest systems on VMware Workstation, Player, ACE, Server, Fusion - Install the new version of Workstation, Player, ACE, Server, Fusion (see below for version information) - Upgrade tools in the virtual machine (virtual machine users will be prompted to upgrade). Guest systems on ESX 3.5, ESXi 3.5, ESX 3.0.2, ESX 3.0.3 - Install the relevant patches (see below for patch identifiers) - Manually upgrade tools in the virtual machine (virtual machine users will not be prompted to upgrade). Note the VI Client will not show the VMware tools is out of date in the summary tab. Please see http://tinyurl.com/27mpjo page 80 for details. Guests systems on ESX 4.0 and ESXi 4.0 that have been migrated from ESX 3.5, ESXi 3.5, and ESX 3.0.x - Install/upgrade the new tools in the virtual machine (virtual machine users will be prompted to upgrade). If the Descheduled Time Accounting driver was installed, the tools upgrade will result in an updated driver for Workstation, Player, ACE, Server, ESX 3.0.2, ESX 3.0.3, ESX 3.5, ESXi 3.5. For Fusion, ESX 4.0, and ESXi 4.0 the tools upgrade will result in the removal of the driver. VMware would like to thank Nikita Tarakanov for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-1805 to this issue. b. Updated libpng package for the ESX 2.5.5 Service Console The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. A flaw was discovered in libpng that could result in libpng trying to free() random memory if certain, unlikely error conditions occurred. If a carefully-crafted PNG file was loaded by an application linked against libpng, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. A flaw was discovered in the way libpng handled PNG images containing 'unknown' chunks. If an application linked against libpng attempted to process a malformed, unknown chunk in a malicious PNG image, it could cause the application to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-0040 and CVE-2008-1382 to these issues. The VMware version number of libpng after applying the update is libpng-1.0.14-12.i386.rpm.
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 40392
    published 2009-07-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40392
    title VMSA-2009-0007 : VMware Hosted products and ESX and ESXi patches resolve security issues
  • NASL family Windows
    NASL id VMWARE_MULTIPLE_VMSA_2009_0005.NASL
    description VMware products installed on the remote host are reportedly affected by multiple vulnerabilities : - A vulnerability in the guest virtual device driver could allow an attacker to use the guest operating system to crash the host operating system. (CVE-2008-3761) - A denial of service vulnerability affects an unspecified IOCTL contained in the 'hcmon.sys' driver. An attacker can exploit this in order to deny service on a Windows- based host. (CVE-2009-1146, CVE-2008-3761) - A privilege escalation vulnerability affects the 'vmci.sys' driver on Windows-based machines. An attacker can exploit this in order to gain escalated privileges on either the host or the guest. (CVE-2009-1147) - The 'VNnc' codec is affected by two heap-based buffer overflow vulnerabilities. An attacker can exploit these to execute arbitrary code on VMware hosted products by tricking a user into opening a malicious file. (CVE-2009-0909, CVE-2009-0910) - A vulnerability in ACE shared folder may allow attackers to enable previously disabled shared ACE folders. This only affects VMware ACE. (CVE-2009-0908) - A remote denial of service vulnerability affects Windows hosts. An attacker can exploit this to crash the affected host. (CVE-2009-0177) - A vulnerability in the virtual machine display function may allow a guest operating system to run code on the host. (CVE-2009-1244) - A vulnerability in VMware Descheduled Time Accounting Service could be exploited to trigger a denial of service condition in Windows-based virtual machines. It should be noted that, this feature is optional, and the vulnerability can be exploited only if the feature is installed, and the affected service is not running in the virtual machine. (CVE-2009-1805)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 36117
    published 2009-04-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36117
    title VMware Products Multiple Vulnerabilities (VMSA-2009-0005/VMSA-2009-0007)
  • NASL family Misc.
    NASL id VMWARE_VMSA-2009-0007_REMOTE.NASL
    description The remote ESX / ESXi host is missing a security-related patch. It is, therefore, affected by an unspecified flaw in the Descheduled Time Accounting driver that allows a guest Windows user to cause a denial of service. Note that this issue can be exploited only if the feature is installed and the affected service is not running in the virtual machine.
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 89113
    published 2016-03-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89113
    title VMware ESX / ESXi Descheduled Time Accounting DoS (VMSA-2009-0007) (remote check)
oval via4
accepted 2009-11-09T04:00:36.120-05:00
class vulnerability
contributors
name Michael Wood
organization Hewlett-Packard
definition_extensions
  • comment VMWare ESX Server 3.0.3 is installed
    oval oval:org.mitre.oval:def:6026
  • comment VMWare ESX Server 3.0.2 is installed
    oval oval:org.mitre.oval:def:5613
  • comment VMware ESX Server 3.5.0 is installed
    oval oval:org.mitre.oval:def:5887
description Unspecified vulnerability in the VMware Descheduled Time Accounting driver in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745, VMware Fusion 2.x before 2.0.2 build 147997, VMware ESXi 3.5, and VMware ESX 3.0.2, 3.0.3, and 3.5, when the Descheduled Time Accounting Service is not running, allows guest OS users on Windows to cause a denial of service via unknown vectors.
family unix
id oval:org.mitre.oval:def:6130
status accepted
submitted 2009-09-23T15:39:02.000-04:00
title VMware Descheduled Time Accounting Driver Bug Lets Local Users on the Guest Operating System Deny Service
version 3
refmap via4
bid 35141
bugtraq 20090529 VMSA-2009-0007 VMware Hosted products and ESX and ESXi patches resolve security issues
confirm http://www.vmware.com/security/advisories/VMSA-2009-0007.html
sectrack 1022300
secunia 35269
vupen ADV-2009-1452
Last major update 21-08-2010 - 01:32
Published 01-06-2009 - 15:30
Last modified 30-10-2018 - 12:26
Back to Top