CVE-2008-1364 : Unspecified vulnerability in the DHCP service in VMware Workstation 5.5.x before

Unspecified vulnerability in the DHCP service in VMware Workstation 5.5.x before 5.5.6, VMware Player 1.0.x before 1.0.6, VMware ACE 1.0.x before 1.0.5, VMware Server 1.0.x before 1.0.5, and VMware Fusion 1.1.x before 1.1.1 allows attackers to cause a denial of service.

Published 2008-03-20 00:44:00

Updated 2025-04-09 00:30:58

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2008-1364

Vmware » Workstation » Version: 5.5
cpe:2.3:a:vmware:workstation:5.5:*:*:*:*:*:*:*
Matching versions
Vmware » Workstation » Version: 5.5.3 Build 34685
cpe:2.3:a:vmware:workstation:5.5.3_build_34685:*:*:*:*:*:*:*
Matching versions
Vmware » Workstation » Version: 5.5.3 Build 42958
cpe:2.3:a:vmware:workstation:5.5.3_build_42958:*:*:*:*:*:*:*
Matching versions
Vmware » Workstation » Version: 5.5.4
cpe:2.3:a:vmware:workstation:5.5.4:*:*:*:*:*:*:*
Matching versions
Vmware » Workstation » Version: 5.5.4 Build 44386
cpe:2.3:a:vmware:workstation:5.5.4_build_44386:*:*:*:*:*:*:*
Matching versions
Vmware » Workstation » Version: 6.0
cpe:2.3:a:vmware:workstation:6.0:*:*:*:*:*:*:*
Matching versions
Vmware » ACE » Version: 1.0
cpe:2.3:a:vmware:ace:1.0:*:*:*:*:*:*:*
Matching versions
Vmware » ACE » Version: 2.0
cpe:2.3:a:vmware:ace:2.0:*:*:*:*:*:*:*
Matching versions
Vmware » Player » Version: 1.0.4
cpe:2.3:a:vmware:player:1.0.4:*:*:*:*:*:*:*
Matching versions
Vmware » Player » Version: 2.0
cpe:2.3:a:vmware:player:2.0:*:*:*:*:*:*:*
Matching versions
Vmware » Player » Version: 2.0.1
cpe:2.3:a:vmware:player:2.0.1:*:*:*:*:*:*:*
Matching versions
Vmware » Player » Version: 2.0.2
cpe:2.3:a:vmware:player:2.0.2:*:*:*:*:*:*:*
Matching versions
Vmware » Player » Version: 1.0.5
cpe:2.3:a:vmware:player:1.0.5:*:*:*:*:*:*:*
Matching versions
Vmware » Player » Version: 1.0.2
cpe:2.3:a:vmware:player:1.0.2:*:*:*:*:*:*:*
Matching versions
Vmware » Player » Version: 1.0.3
cpe:2.3:a:vmware:player:1.0.3:*:*:*:*:*:*:*
Matching versions
Vmware » Server » Version: 1.0.3
cpe:2.3:a:vmware:server:1.0.3:*:*:*:*:*:*:*
Matching versions
Vmware » Vmware Workstation » Version: 6.0.1
cpe:2.3:a:vmware:vmware_workstation:6.0.1:*:*:*:*:*:*:*
Matching versions
Vmware » Vmware Workstation » Version: 6.0.2
cpe:2.3:a:vmware:vmware_workstation:6.0.2:*:*:*:*:*:*:*
Matching versions
Vmware » Vmware Workstation » Version: 5.5.5
cpe:2.3:a:vmware:vmware_workstation:5.5.5:*:*:*:*:*:*:*
Matching versions
Vmware » Vmware Server » Version: 1.0.4
cpe:2.3:a:vmware:vmware_server:1.0.4:*:*:*:*:*:*:*
Matching versions
Vmware » Vmware Server » Version: 1.0.2
cpe:2.3:a:vmware:vmware_server:1.0.2:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2008-1364

EPSS FAQ

1.80%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 81 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2008-1364

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.8	HIGH	AV:N/AC:L/Au:N/C:N/I:N/A:C	10.0	6.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete

CWE ids for CVE-2008-1364

CWE-399

Assigned by: nvd@nist.gov (Primary)

Vendor statements for CVE-2008-1364

Red Hat 2008-06-03

Not vulnerable. This issue did not affect the versions of dhcp as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.

References for CVE-2008-1364

http://www.vupen.com/english/advisories/2008/0905/references

Site en construction

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/41254
http://securitytracker.com/id?1019623
http://www.vmware.com/security/advisories/VMSA-2008-0005.html

Support Content Notification - Support Portal - Broadcom support portal
Patch

CVEs referencing this url
http://www.securityfocus.com/bid/28276

CVEs referencing this url
http://www.vmware.com/support/player/doc/releasenotes_player.html

Page not found
Patch

CVEs referencing this url
http://www.securityfocus.com/archive/1/489739/100/0/threaded

CVEs referencing this url
http://lists.vmware.com/pipermail/security-announce/2008/000008.html

502 Bad Gateway
Patch

CVEs referencing this url
http://www.vmware.com/support/server/doc/releasenotes_server.html

Page not found
Patch

CVEs referencing this url
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html

Page not found
Patch

CVEs referencing this url
http://security.gentoo.org/glsa/glsa-201209-25.xml

VMware Player, Server, Workstation: Multiple vulnerabilities (GLSA 201209-25) — Gentoo security

CVEs referencing this url
http://securityreason.com/securityalert/3755

CVEs referencing this url
http://www.securityfocus.com/bid/28289

CVEs referencing this url
http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html

Patch