ID CVE-2007-0062
Summary Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before 3.1.1; and the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528; allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a malformed DHCP packet with a large dhcp-max-message-size that triggers a stack-based buffer overflow, related to servers configured to send many DHCP options to clients.
References
Vulnerable Configurations
  • cpe:2.3:a:vmware:ace:1.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:ace:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:ace:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:ace:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:player:1.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:player:1.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:player:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:player:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:server:1.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:server:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vmware_workstation:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vmware_workstation:6.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:3.4:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:4.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:4.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:4.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:4.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:4.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:4.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:4.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:5.5.0_build_13124:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:5.5.0_build_13124:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:5.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:5.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:5.5.1_build_19175:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:5.5.1_build_19175:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:5.5.3_build_34685:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:5.5.3_build_34685:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:5.5.3_build_42958:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:5.5.3_build_42958:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:5.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:5.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:5.5.4_build_44386:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:5.5.4_build_44386:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:6.0:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 16-10-2018 - 16:30)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 25729
bugtraq 20090312 rPSA-2009-0041-1 dhclient dhcp libdhcp4client
confirm
fulldisc 20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player
gentoo
  • GLSA-200711-23
  • GLSA-200808-05
iss 20070919 VMWare DHCP Server Remote Code Execution Vulnerabilities
mandriva MDVSA-2009:153
sectrack 1018717
secunia
  • 26890
  • 27694
  • 27706
  • 31396
  • 34263
suse SUSE-SR:2009:005
ubuntu USN-543-1
vupen ADV-2007-3229
xf dhcp-param-overflow(33102)
statements via4
contributor Mark J Cox
lastmodified 2008-06-03
organization Red Hat
statement The Red Hat Security Response Team has rated this issue as having low security impact. The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1, 3, 4, or 5: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-0062
Last major update 16-10-2018 - 16:30
Published 21-09-2007 - 19:17
Back to Top