Info

Disclosure

Jun 18, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

EMC VMware Player contains a flaw that may allow a local denial of service. The issue is triggered when a user loads a .vmx file containing an ide1:0.fileName parameter with an overly long value, and will result in loss of availability for the the VMware instace. However, for an attacker to gain access and edit the .vmx file, it would require a level of access that would allow a wide variety of attacks. This level of access is considered to be trusted and not readily available to someone looking to launch this type of attack.

Classification

Location: Local Access Required
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Availability
Exploit: Exploit Available
OSVDB: Myth/Fake

Solution

The vulnerability reported is incorrect. No solution required.

Products

VMware, Inc.

VMware Player

1.0.0rc8

References

CVE ID: 2006-3547 (see also: NVD)
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0419.html
http://archives.neohapsis.com/archives/bugtraq/2006-06/0424.html
http://archives.neohapsis.com/archives/bugtraq/2006-06/0425.html

Credit

n00b - co296aol.com -

Direct URL: http://osvdb.org/36218