News
Vigil@nce: VMware, denial of service of Descheduled Time Accounting
June 2009 by Vigil@nce
An attacker in a Windows guest system can use the Descheduled Time Accounting driver in order to generate a denial of service.
Severity: 1/4
Consequences: denial of service of service
Provenance: user shell
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 29/05/2009
IMPACTED PRODUCTS
VMware ACE
VMware ESX
VMware ESXi
VMware Player
VMware Server
VMware Workstation
DESCRIPTION OF THE VULNERABILITY
The Descheduled Time Accounting (VMDesched) service can be optionally installed, in order to detect and correct time drifting (stacked System Timer interruptions) in virtual machines.
An attacker in a Windows guest system can use the Descheduled Time Accounting driver in order to generate a denial of service.
Technical details are unknown.
CHARACTERISTICS
Identifiers: CVE-2009-1805, VIGILANCE-VUL-8746, VMSA-2009-0007 http://vigilance.fr/vulnerability/VMware-denial-of-service-of-Descheduled-Time-Accounting-8746
