VulDB: VMware Player/Workstation/ESX/ESXi 2.x/6.x libpng buffer overflow
General

scipID: 4205
Affected: VMware Player/Workstation/ESX/ESXi 2.x/6.x
Published: 09/24/2010
Risk: problematic
Entry: 94% complete
Created: 10/19/2010
Updated: 09/03/2012
Summary
A vulnerability classified as problematic has been found in VMware Player, Workstation, ESX and ESXi 2.x/6.x. The issue affects an unknown function in the libpng library. Manipulation with an unknown input leads to a buffer overflow. Confidentiality, integrity, and availability are impacted.
The weakness was published on 09/24/2010 through VMware. The advisory is available for download at lists.vmware.com. The vulnerability has been identified as CVE-2010-0205 since 01/06/2010. The attack may be initiated remotely. Technical details are known, but no exploit is available.
The vulnerability was handled as a non-public zero-day exploit for at least 48 days. The vulnerability scanner Nessus provides a plugin with the ID 49881 (SuSE 10 Security Update : libpng (ZYPP Patch Number 6933)), which helps to determine whether the flaw exists in a target environment. It is assigned to the family SuSE Local Security Checks and runs in the local context.
Applying a patch eliminates this problem. The bugfix is available for download at lists.vmware.com. A possible mitigation was published before, not after, the disclosure of the vulnerability. The vulnerability is also documented in the databases at OSVDB (62670), Secunia (SA41574), SecurityFocus (BID 38478) and SecurityTracker (ID 1023674).
CVSS
Base Score: 4.6 (CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:P)
| Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Network | High | Single | Partial | Partial | Partial |
Exploiting
Class: Buffer overflow
Local: No
Remote: Yes
Availability: No
Nessus ID: 49881
Nessus Name: SuSE 10 Security Update : libpng (ZYPP Patch Number 6933)
Nessus Family: SuSE Local Security Checks
Nessus Context: local
Countermeasures
Recommended: Upgrade
0-Day Time: 48 days since found
Patch: lists.vmware.com
Timeline
01/06/2010 | CVE assigned
03/03/2010 | OSVDB entry created
04/20/2010 | Countermeasure disclosed
09/24/2010 | Advisory disclosed
10/11/2010 | Nessus plugin released
10/19/2010 | VulDB entry created
09/03/2012 | VulDB entry updated
Sources
Advisory: lists.vmware.com
Company: VMware
Confirmation: vmware.com
OSVDB: 62670
CVE: CVE-2010-0205 (mitre.org) (nist.org) (cvedetails.com)
Secunia: 41574
SecurityFocus: 38478
SecurityTracker: 1023674
Vupen: ADV-2010-2491



















