CVE-2005-4459

high

Description

Heap-based buffer overflow in the NAT networking components vmnat.exe and vmnet-natd in VMWare Workstation 5.5, GSX Server 3.2, ACE 1.0.1, and Player 1.0 allows remote authenticated attackers, including guests, to execute arbitrary code via crafted (1) EPRT and (2) PORT FTP commands.

References

http://www.vupen.com/english/advisories/2005/3013

http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2000

http://www.securityfocus.com/bid/15998

http://www.securityfocus.com/archive/1/420017/100/0/threaded

http://www.securityfocus.com/archive/1/419997/100/0/threaded

http://www.kb.cert.org/vuls/id/856689

http://www.gentoo.org/security/en/glsa/glsa-200601-04.xml

http://securitytracker.com/id?1015401

http://securityreason.com/securityalert/289

http://securityreason.com/securityalert/282

http://secunia.com/advisories/18344

http://secunia.com/advisories/18162

Details

Source: Mitre, NVD

Published: 2005-12-21

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High