CVE-2009-2905

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

SecuriTeam™
Beyond Security®

SecuriTeam™ Home
Ask the Team
Mailing Lists
Advertising Info
Blogs

	SecuriTeam™ in Your Inbox

	E-mail this CVE-2009-2905 to a friend

New vulnerability?
New tool?
Tell us

Credit:
The original article can be found at: http://www.vmware.com/security/advisories/VMSA-2010-0004.html/

Website Security Scan	Code Vulnerability Test	Network Assessment Tool
Detect hidden vulnerabilities	Exhaustive automated testing	Real-time, continuous security
Get guidance from professionals	of internal or 3rd party code.	scanning for your entire network

Check for CVE-2009-2905

Vulnerability Assessment and Management.
Automated Pen Testing for 50 to 50,000 nodes
beyondsecurity.com/vulnerability-scanner

Vulnerable Systems:
* VMware ESX 4.0.0 without patch ESX400-201002406-SG
* VMware vMA 4.0 before patch 3

Immune Systems:
* VMWare VirtualCenter on Windows
* VMWare hosted Workstation
* VMWare hosted Player
* VMWare hosted ACE
* VMWare hosted Server
* VMWare hosted Fusion
* VMWare ESXi
* VMWare ESX version 4.0 (ESX400-201002406-SG)
* VMWare ESX version 3.5
* VMWare ESX version 3.0.3
* VMWare ESX version 2.5.5
* VMWare vMA version 4.0 on RHEL5 (Patch 3)

A heap-based buffer overflow flaw was found in the way newt processes content that is to be displayed in a text dialog box. A local attacker could issue a specially-crafted text dialog box display request (direct or via a custom application), leading to a denial of service (application crash) or, potentially, arbitrary code execution with the privileges of the user running the application using the newt library.

CVE Information:
CVE-2009-2905

Disclosure Timeline:
2010.03.03: Release of this Advisory

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus