CVE-2024-37079: VMware vCenter... Note

CVE-2024-37079: VMware vCenter Server Integer Underflow Code Execution Vulnerability

VMware vCenter Server, a data center management server application developed by VMware Inc., has an integer underflow vulnerability due to a lack of validation of the calculated response header size used in subtraction. This vulnerability can be exploited by sending a crafted DCERPC packet to the target server, leading to a heap buffer overflow and potentially the execution of arbitrary code in the context of the vulnerable service. The vulnerability is triggered by two types of request packets: Bind Acknowledgement and Alter Context Response. To exploit this vulnerability, the request's auth_len must not be zero, the authentication trailer must not span beyond the beginning or the end of the packet, and the selected authentication type must be supported by the runtime. The vulnerability can be demonstrated using the SPNEGO SRP mechanism. The number of the Presentation Context List elements leading to a heap overflow is strictly 169.