NVD脆弱性詳細

CVE-2007-5438

概要	Unspecified vulnerability in a certain ActiveX control in Reconfig.DLL in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 might allow local users to cause a denial of service to the Virtual Disk Mount Service (vmount2.exe), related to the ConnectPopulatedDiskEx function.
公表日	2007年10月13日10:17
登録日	2021年1月29日14:21
最終更新日	2018年10月16日6:44

CVSS2.0 : LOW
スコア	1.9
ベクター	AV:L/AC:M/Au:N/C:N/I:N/A:P
攻撃元区分(AV)	ローカル
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	なし
完全性への影響(I)	なし
可用性への影響(A)	低
全ての特権を取得	いいえ
ユーザー権限を取得	いいえ
その他の権限を取得	いいえ
ユーザー操作が必要	はい

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:vmware:ace:1.0:::::::*
cpe:2.3:a:vmware:ace:1.0.1:::::::*
cpe:2.3:a:vmware:ace:1.0.2:::::::*
cpe:2.3:a:vmware:ace:1.0.3:::::::*
cpe:2.3:a:vmware:ace:1.0.4:::::::*
cpe:2.3:a:vmware:ace:1.0.5:::::::*
cpe:2.3:a:vmware:ace:1.0.6:::::::*
cpe:2.3:a:vmware:ace:1.0.7:::::::*
cpe:2.3:a:vmware:ace:2.0:::::::*
cpe:2.3:a:vmware:ace:2.0.1:::::::*
cpe:2.3:a:vmware:ace:2.0.2:::::::*
cpe:2.3:a:vmware:ace:2.0.3:::::::*
cpe:2.3:a:vmware:ace:2.0.4:::::::*
cpe:2.3:a:vmware:ace:2.0.5:::::::*
cpe:2.3:a:vmware:vmware_player:1.0.0:::::::*
cpe:2.3:a:vmware:vmware_player:1.0.1:::::::*
cpe:2.3:a:vmware:vmware_player:1.0.2:::::::*
cpe:2.3:a:vmware:vmware_player:1.0.3:::::::*
cpe:2.3:a:vmware:vmware_player:1.0.4:::::::*
cpe:2.3:a:vmware:vmware_player:1.0.5:::::::*
cpe:2.3:a:vmware:vmware_player:1.0.6:::::::*
cpe:2.3:a:vmware:vmware_player:1.0.7:::::::*
cpe:2.3:a:vmware:vmware_player:1.0.8:::::::*
cpe:2.3:a:vmware:vmware_player:2.0:::::::*
cpe:2.3:a:vmware:vmware_player:2.0.1:::::::*
cpe:2.3:a:vmware:vmware_player:2.0.2:::::::*
cpe:2.3:a:vmware:vmware_player:2.0.3:::::::*
cpe:2.3:a:vmware:vmware_player:2.0.4:::::::*
cpe:2.3:a:vmware:vmware_player:2.0.5:::::::*
cpe:2.3:a:vmware:vmware_server:1.0:::::::*
cpe:2.3:a:vmware:vmware_server:1.0.1:::::::*
cpe:2.3:a:vmware:vmware_server:1.0.2:::::::*
cpe:2.3:a:vmware:vmware_server:1.0.3:::::::*
cpe:2.3:a:vmware:vmware_server:1.0.4:::::::*
cpe:2.3:a:vmware:vmware_server:1.0.5:::::::*
cpe:2.3:a:vmware:vmware_server:1.0.6:::::::*
cpe:2.3:a:vmware:vmware_server::::::::		1.0.7
cpe:2.3:a:vmware:vmware_workstation:5.5.0:::::::*
cpe:2.3:a:vmware:vmware_workstation:5.5.1:::::::*
cpe:2.3:a:vmware:vmware_workstation:5.5.2:::::::*
cpe:2.3:a:vmware:vmware_workstation:5.5.3:::::::*
cpe:2.3:a:vmware:vmware_workstation:5.5.4:::::::*
cpe:2.3:a:vmware:vmware_workstation:5.5.5:::::::*
cpe:2.3:a:vmware:vmware_workstation:5.5.6:::::::*
cpe:2.3:a:vmware:vmware_workstation:5.5.7:::::::*
cpe:2.3:a:vmware:vmware_workstation:5.5.8:::::::*
cpe:2.3:a:vmware:vmware_workstation:6.0:::::::*
cpe:2.3:a:vmware:vmware_workstation:6.0.1:::::::*
cpe:2.3:a:vmware:vmware_workstation:6.0.2:::::::*
cpe:2.3:a:vmware:vmware_workstation:6.0.3:::::::*
cpe:2.3:a:vmware:vmware_workstation:6.0.4:::::::*
cpe:2.3:a:vmware:vmware_workstation:6.0.5:::::::*

関連情報、対策とツール

No	URL	refsource	タグ
1	http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html	FULLDISC
2	http://osvdb.org/43488	OSVDB
3	http://secunia.com/advisories/31707	SECUNIA	Vendor Advisory
4	http://secunia.com/advisories/31708	SECUNIA	Vendor Advisory
5	http://secunia.com/advisories/31709	SECUNIA	Vendor Advisory
6	http://secunia.com/advisories/31710	SECUNIA	Vendor Advisory
7	http://securityreason.com/securityalert/3219	SREASON
8	http://www.eleytt.com/advisories/eleytt_VMWARE1.pdf	MISC
9	http://www.securityfocus.com/archive/1/482021/100/0/threaded	BUGTRAQ
10	http://www.securityfocus.com/archive/1/495869/100/0/threaded	BUGTRAQ
11	http://www.securityfocus.com/bid/26025	BID
12	http://www.securitytracker.com/id?1020791	SECTRACK
13	http://www.vmware.com/security/advisories/VMSA-2008-0014.html	CONFIRM
14	http://www.vmware.com/support/ace/doc/releasenotes_ace.html	CONFIRM
15	http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html	CONFIRM
16	http://www.vmware.com/support/player/doc/releasenotes_player.html	CONFIRM
17	http://www.vmware.com/support/player2/doc/releasenotes_player2.html	CONFIRM
18	http://www.vmware.com/support/server/doc/releasenotes_server.html	CONFIRM
19	http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html	CONFIRM
20	http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html	CONFIRM
21	http://www.vupen.com/english/advisories/2008/2466	VUPEN	Vendor Advisory

共通脆弱性一覧

No	CWE	名前	URL
1	CWE-20	不適切な入力確認	https://cwe.mitre.org/data/definitions/20.html

JVN脆弱性情報

VMware Workstation などの Reconfig.DLL における vmount2.exe がサービス運用妨害 (DoS) 状態となる脆弱性

タイトル	VMware Workstation などの Reconfig.DLL における vmount2.exe がサービス運用妨害 (DoS) 状態となる脆弱性
概要	VMware Workstation、VMware Player、VMware ACE、および VMware Server の Reconfig.DLL の特定の ActiveX コントロールは、ConnectPopulatedDiskEx 関数に関する処理に不備があるため、Virtual Disk Mount Service (vmount2.exe) がサービス運用妨害 (DoS) 状態となる脆弱性が存在します。
想定される影響	ローカルユーザにより、Virtual Disk Mount Service (vmount2.exe) をサービス運用妨害 (DoS) 状態にされる可能性があります。
対策	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
公表日	2007年10月12日0:00
登録日	2012年12月20日18:33
最終更新日	2012年12月20日18:33

影響を受けるシステム

VMware

VMware ACE 1.0.7 build 108880 未満の 1.x、および 2.0.5 build 109488 未満の 2.x

VMware Player 1.0.8 build 108000 未満の 1.x、および 2.0.5 build 109488 未満の 2.x

VMware Server 1.0.7 build 108231 未満

VMware Workstation 5.5.8 build 108000 未満の 5.5.x、および 6.0.5 build 109488 未満の 6.0.x

CVE (情報セキュリティ共通脆弱性識別子)

No	名前	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2007-5438	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5438
National Vulnerability Database (NVD)
2	CVE-2007-5438	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5438

CWE (共通脆弱性タイプ一覧)

No	名前	URL
JVNDB
1	CWE-20	https://jvndb.jvn.jp/ja/cwe/CWE-20.html

ベンダー情報

No	名前	URL
VMware
1	Workstation 5.5 Release Notes	http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html

変更履歴

No	変更内容	変更日
0	[2012年12月20日] 掲載	2018年2月17日10:37

構成1	以上	以下	より上	未満
cpe:2.3:a:vmware:ace:1.0:::::::*
cpe:2.3:a:vmware:ace:1.0.1:::::::*
cpe:2.3:a:vmware:ace:1.0.2:::::::*
cpe:2.3:a:vmware:ace:1.0.3:::::::*
cpe:2.3:a:vmware:ace:1.0.4:::::::*
cpe:2.3:a:vmware:ace:1.0.5:::::::*
cpe:2.3:a:vmware:ace:1.0.6:::::::*
cpe:2.3:a:vmware:ace:1.0.7:::::::*
cpe:2.3:a:vmware:ace:2.0:::::::*
cpe:2.3:a:vmware:ace:2.0.1:::::::*
cpe:2.3:a:vmware:ace:2.0.2:::::::*
cpe:2.3:a:vmware:ace:2.0.3:::::::*
cpe:2.3:a:vmware:ace:2.0.4:::::::*
cpe:2.3:a:vmware:ace:2.0.5:::::::*
cpe:2.3:a:vmware:vmware_player:1.0.0:::::::*
cpe:2.3:a:vmware:vmware_player:1.0.1:::::::*
cpe:2.3:a:vmware:vmware_player:1.0.2:::::::*
cpe:2.3:a:vmware:vmware_player:1.0.3:::::::*
cpe:2.3:a:vmware:vmware_player:1.0.4:::::::*
cpe:2.3:a:vmware:vmware_player:1.0.5:::::::*
cpe:2.3:a:vmware:vmware_player:1.0.6:::::::*
cpe:2.3:a:vmware:vmware_player:1.0.7:::::::*
cpe:2.3:a:vmware:vmware_player:1.0.8:::::::*
cpe:2.3:a:vmware:vmware_player:2.0:::::::*
cpe:2.3:a:vmware:vmware_player:2.0.1:::::::*
cpe:2.3:a:vmware:vmware_player:2.0.2:::::::*
cpe:2.3:a:vmware:vmware_player:2.0.3:::::::*
cpe:2.3:a:vmware:vmware_player:2.0.4:::::::*
cpe:2.3:a:vmware:vmware_player:2.0.5:::::::*
cpe:2.3:a:vmware:vmware_server:1.0:::::::*
cpe:2.3:a:vmware:vmware_server:1.0.1:::::::*
cpe:2.3:a:vmware:vmware_server:1.0.2:::::::*
cpe:2.3:a:vmware:vmware_server:1.0.3:::::::*
cpe:2.3:a:vmware:vmware_server:1.0.4:::::::*
cpe:2.3:a:vmware:vmware_server:1.0.5:::::::*
cpe:2.3:a:vmware:vmware_server:1.0.6:::::::*
cpe:2.3:a:vmware:vmware_server::::::::		1.0.7
cpe:2.3:a:vmware:vmware_workstation:5.5.0:::::::*
cpe:2.3:a:vmware:vmware_workstation:5.5.1:::::::*
cpe:2.3:a:vmware:vmware_workstation:5.5.2:::::::*
cpe:2.3:a:vmware:vmware_workstation:5.5.3:::::::*
cpe:2.3:a:vmware:vmware_workstation:5.5.4:::::::*
cpe:2.3:a:vmware:vmware_workstation:5.5.5:::::::*
cpe:2.3:a:vmware:vmware_workstation:5.5.6:::::::*
cpe:2.3:a:vmware:vmware_workstation:5.5.7:::::::*
cpe:2.3:a:vmware:vmware_workstation:5.5.8:::::::*
cpe:2.3:a:vmware:vmware_workstation:6.0:::::::*
cpe:2.3:a:vmware:vmware_workstation:6.0.1:::::::*
cpe:2.3:a:vmware:vmware_workstation:6.0.2:::::::*
cpe:2.3:a:vmware:vmware_workstation:6.0.3:::::::*
cpe:2.3:a:vmware:vmware_workstation:6.0.4:::::::*
cpe:2.3:a:vmware:vmware_workstation:6.0.5:::::::*