CVE-2007-0061: Buffer Overflow
First published: Fri Sep 21 2007(Updated: )
The DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed packet that triggers "corrupt stack memory."
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware Workstation and ESXi | >=5.5<5.5.5 | |
| VMware Workstation and ESXi | >=6.0<6.0.1 | |
| VMware Player | >=2.0<2.0.1 | |
| VMware ACE | >=2.0<2.0.1 | |
| VMware ESXi | =2.5.4 | |
| VMware ESXi | =2.5.3 | |
| VMware ESXi | =2.1.3 | |
| VMware ESXi | =2.0.2 | |
| VMware ESXi | =3.0.0 | |
| VMware ESXi | =3.0.1 | |
| VMware ACE | >=1.0<1.0.3 | |
| VMware Player | >=1.0<1.0.5 | |
| VMware Server | >=1.0<1.0.4 | |
| Ubuntu | =6.06 | |
| Ubuntu | =7.04 | |
| Ubuntu | =6.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.iss.net/threats/275.html
- http://www.vmware.com/support/ace/doc/releasenotes_ace.html
- http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
- http://www.vmware.com/support/player/doc/releasenotes_player.html
- http://www.vmware.com/support/player2/doc/releasenotes_player2.html
- http://www.vmware.com/support/server/doc/releasenotes_server.html
- http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
- http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
- http://www.securityfocus.com/bid/25729
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html
- http://security.gentoo.org/glsa/glsa-200711-23.xml
- http://www.ubuntu.com/usn/usn-543-1
- http://www.securitytracker.com/id?1018717
- http://secunia.com/advisories/26890
- http://secunia.com/advisories/27694
- http://secunia.com/advisories/27706
- http://www.vupen.com/english/advisories/2007/3229
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33101
Frequently Asked Questions
What is the severity of CVE-2007-0061?
CVE-2007-0061 has a medium severity rating due to the potential for remote system compromises.
How do I fix CVE-2007-0061?
To fix CVE-2007-0061, update your VMware products to the latest versions as referenced in the security patches provided by VMware.
Which versions of VMware are affected by CVE-2007-0061?
CVE-2007-0061 affects VMware Workstation versions prior to 5.5.5, Player versions prior to 1.0.5, ACE versions prior to 1.0.3, and Server versions prior to 1.0.4.
What kind of attack is associated with CVE-2007-0061?
CVE-2007-0061 allows remote attackers to exploit the DHCP server functionality, potentially leading to unauthorized access and control.
Are Ubuntu Linux versions vulnerable to CVE-2007-0061?
Yes, specific versions of Ubuntu Linux, including 6.06 and 6.10, may be vulnerable depending on their compatibility with the affected VMware applications.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/remedy
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/vmware
- canonical/vmware workstation and esxi
- version/vmware workstation and esxi/5.5
- version/vmware workstation and esxi/6.0
- canonical/vmware player
- version/vmware player/2.0
- canonical/vmware ace
- version/vmware ace/2.0
- canonical/vmware esxi
- version/vmware esxi/2.5.4
- version/vmware esxi/2.5.3
- version/vmware esxi/2.1.3
- version/vmware esxi/2.0.2
- version/vmware esxi/3.0.0
- version/vmware esxi/3.0.1
- version/vmware ace/1.0
- version/vmware player/1.0
- canonical/vmware server
- version/vmware server/1.0
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/6.06
- version/ubuntu/7.04
- version/ubuntu/6.10