ID

VAR-200910-0010


CVE

CVE-2009-3282


TITLE

VMware Fusion of vmx86 Kernel extension integer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2009-002523

DESCRIPTION

Integer overflow in the vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 allows host OS users to cause a denial of service to the host OS via unspecified vectors. VMware Fusion is prone to a denial-of-service vulnerability caused by an unspecified integer-overflow issue. An attacker can exploit this issue to crash the affected system, resulting in denial-of-service conditions. Given the nature of this issue, the attacker may also be able to run arbitrary code, but this has not been confirmed. This issue affects versions prior to Fusion 2.0.6 build 196839. Users of the main operating system can use unknown parameters to cause a denial of service attack on the main operating system. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: VMware Fusion Denial of Service and Privilege Escalation SECUNIA ADVISORY ID: SA36928 VERIFY ADVISORY: http://secunia.com/advisories/36928/ DESCRIPTION: Two vulnerabilities have been reported in VMware Fusion, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges. The vulnerabilities are reported in version 2.0.5 and prior. SOLUTION: Update to version 2.0.6 build 196839. ORIGINAL ADVISORY: VMSA-2009-0013: http://lists.vmware.com/pipermail/security-announce/2009/000066.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ VMware Security Advisory Advisory ID: VMSA-2009-0013 Synopsis: VMware Fusion resolves two security issues Issue date: 2009-10-01 Updated on: 2009-10-01 (initial release of advisory) CVE numbers: CVE-2009-3281 CVE-2009-3282 - ------------------------------------------------------------------------ 1. Relevant releases VMware Fusion 2.0.5 and earlier. 3. Problem Description VMware Fusion is a product that allows you to seamlessly run your favorite Windows applications on any Intel-based Mac. a. Kernel code execution vulnerability An file permission problem in the vmx86 kernel extension allows for executing arbitrary code in the host system kernel context by an unprivileged user on the host system. VMware would like to thank Neil Kettle of Convergent Network Solutions for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-3281 to this issue. b. VMware would like to thank Neil Kettle of Convergent Network Solutions for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-3282 to this issue. To remediate the above issues update your product using the table below. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected Workstation 6.5.x Windows not affected Workstation 6.5.x Linux not affected Player 2.5.x Windows not affected Player 2.5.x Linux not affected ACE 2.5.x any not affected Server any any not affected Fusion any Mac OS/X Fusion 2.0.6 build 196839 ESXi any ESXi not affected ESX any ESX not affected 4. Solution Please review the patch/release notes for your product and version and verify the md5sum and/or the sha1sum of your downloaded file. VMware Fusion 2.0.6 (for Intel-based Macs): Download including VMware Fusion and a 12 month complimentary subscription to McAfee VirusScan Plus 2009 md5sum: d35490aa8caa92e21339c95c77314b2f sha1sum: 9c41985d754ac718032a47af8a3f98ea28fddb26 VMware Fusion 2.0.6 (for Intel-based Macs): Download including only VMware Fusion software md5sum: 2e8d39defdffed224c4bab4218cc6659 sha1sum: 453d54a2f37b257a0aad17c95843305250c7b6ef 5. References CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3281 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3282 - ------------------------------------------------------------------------ 6. Change log 2009-10-01 VMSA-2009-0013 Initial security advisory after release of Fusion 2.0.6 on 2009-10-01 - ----------------------------------------------------------------------- 7. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: * security-announce at lists.vmware.com * bugtraq at securityfocus.com * full-disclosure at lists.grok.org.uk E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Center http://www.vmware.com/security VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html Copyright 2009 VMware Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (MingW32) iD8DBQFKxYtnS2KysvBH1xkRAgZjAJ9xF6r9OKjHc4iayvPz0VEiLf2T6QCfdglG 7vvN45BLtMo4BuHfCGRGHo4= =y8E6 -----END PGP SIGNATURE-----

Trust: 2.16

sources: NVD: CVE-2009-3282 // JVNDB: JVNDB-2009-002523 // BID: 36579 // VULHUB: VHN-40728 // PACKETSTORM: 81792 // PACKETSTORM: 81777

AFFECTED PRODUCTS

vendor:vmwaremodel:fusionscope:eqversion:2.0.4

Trust: 1.9

vendor:vmwaremodel:fusionscope:eqversion:2.0.3

Trust: 1.9

vendor:vmwaremodel:fusionscope:eqversion:2.0

Trust: 1.6

vendor:vmwaremodel:fusionscope:eqversion:1.1.3

Trust: 1.6

vendor:vmwaremodel:fusionscope:eqversion:2.0.2

Trust: 1.6

vendor:vmwaremodel:fusionscope:eqversion:2.0.1

Trust: 1.6

vendor:vmwaremodel:fusionscope:eqversion:1.1.1

Trust: 1.6

vendor:vmwaremodel:fusionscope:eqversion:1.1

Trust: 1.6

vendor:vmwaremodel:fusionscope:eqversion:1.1.2

Trust: 1.6

vendor:vmwaremodel:fusionscope:eqversion:1.0

Trust: 1.0

vendor:vmwaremodel:fusionscope:lteversion:2.0.5

Trust: 1.0

vendor:vmwaremodel:fusionscope:eqversion:2.0.5

Trust: 0.9

vendor:vmwaremodel:fusionscope: - version: -

Trust: 0.8

vendor:vmwaremodel:fusion buildscope:eqversion:2.0.2147997

Trust: 0.3

vendor:vmwaremodel:fusionscope:eqversion:2

Trust: 0.3

vendor:vmwaremodel:fusionscope:neversion:2.0.6

Trust: 0.3

sources: BID: 36579 // JVNDB: JVNDB-2009-002523 // CNNVD: CNNVD-200910-243 // NVD: CVE-2009-3282

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-3282
value: HIGH

Trust: 1.0

NVD: CVE-2009-3282
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200910-243
value: HIGH

Trust: 0.6

VULHUB: VHN-40728
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2009-3282
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-40728
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-40728 // JVNDB: JVNDB-2009-002523 // CNNVD: CNNVD-200910-243 // NVD: CVE-2009-3282

PROBLEMTYPE DATA

problemtype:CWE-189

Trust: 1.9

sources: VULHUB: VHN-40728 // JVNDB: JVNDB-2009-002523 // NVD: CVE-2009-3282

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200910-243

TYPE

digital error

Trust: 0.6

sources: CNNVD: CNNVD-200910-243

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-002523

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-40728

PATCH

title:VMSA-2009-0013url:http://www.vmware.com/security/advisories/VMSA-2009-0013.html

Trust: 0.8

sources: JVNDB: JVNDB-2009-002523

EXTERNAL IDS

db:NVDid:CVE-2009-3282

Trust: 2.9

db:SECUNIAid:36928

Trust: 2.6

db:VUPENid:ADV-2009-2811

Trust: 2.5

db:SECTRACKid:1022981

Trust: 2.5

db:JVNDBid:JVNDB-2009-002523

Trust: 0.8

db:CNNVDid:CNNVD-200910-243

Trust: 0.7

db:MLISTid:[SECURITY-ANNOUNCE] 20091001 VMSA-2009-0013 VMWARE FUSION RESOLVES TWO SECURITY ISSUES

Trust: 0.6

db:BIDid:36579

Trust: 0.4

db:PACKETSTORMid:81776

Trust: 0.1

db:VULHUBid:VHN-40728

Trust: 0.1

db:PACKETSTORMid:81792

Trust: 0.1

db:PACKETSTORMid:81777

Trust: 0.1

sources: VULHUB: VHN-40728 // BID: 36579 // JVNDB: JVNDB-2009-002523 // PACKETSTORM: 81792 // PACKETSTORM: 81777 // CNNVD: CNNVD-200910-243 // NVD: CVE-2009-3282

REFERENCES

url:http://securitytracker.com/id?1022981

Trust: 2.5

url:http://secunia.com/advisories/36928

Trust: 2.5

url:http://www.vupen.com/english/advisories/2009/2811

Trust: 2.5

url:http://lists.vmware.com/pipermail/security-announce/2009/000066.html

Trust: 2.1

url:http://www.vmware.com/security/advisories/vmsa-2009-0013.html

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3282

Trust: 0.9

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-3282

Trust: 0.8

url:http://www.vmware.com

Trust: 0.3

url:/archive/1/506893

Trust: 0.3

url:/archive/1/506891

Trust: 0.3

url:http://secunia.com/advisories/36928/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/business_solutions/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3282

Trust: 0.1

url:http://www.vmware.com/security

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3281

Trust: 0.1

url:http://www.vmware.com/support/policies/security_response.html

Trust: 0.1

url:http://kb.vmware.com/kb/1055

Trust: 0.1

url:http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

Trust: 0.1

url:http://www.vmware.com/support/policies/eos_vi.html

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3281

Trust: 0.1

url:http://www.vmware.com/support/policies/eos.html

Trust: 0.1

sources: VULHUB: VHN-40728 // BID: 36579 // JVNDB: JVNDB-2009-002523 // PACKETSTORM: 81792 // PACKETSTORM: 81777 // CNNVD: CNNVD-200910-243 // NVD: CVE-2009-3282

CREDITS

Neil Kettle

Trust: 0.9

sources: BID: 36579 // CNNVD: CNNVD-200910-243

SOURCES

db:VULHUBid:VHN-40728
db:BIDid:36579
db:JVNDBid:JVNDB-2009-002523
db:PACKETSTORMid:81792
db:PACKETSTORMid:81777
db:CNNVDid:CNNVD-200910-243
db:NVDid:CVE-2009-3282

LAST UPDATE DATE

2024-11-23T22:09:20.627000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-40728date:2009-10-20T00:00:00
db:BIDid:36579date:2009-10-02T20:00:00
db:JVNDBid:JVNDB-2009-002523date:2010-03-24T00:00:00
db:CNNVDid:CNNVD-200910-243date:2009-10-16T00:00:00
db:NVDid:CVE-2009-3282date:2024-11-21T01:06:58.887

SOURCES RELEASE DATE

db:VULHUBid:VHN-40728date:2009-10-16T00:00:00
db:BIDid:36579date:2009-10-01T00:00:00
db:JVNDBid:JVNDB-2009-002523date:2010-03-24T00:00:00
db:PACKETSTORMid:81792date:2009-10-05T14:37:34
db:PACKETSTORMid:81777date:2009-10-02T17:18:03
db:CNNVDid:CNNVD-200910-243date:2009-10-16T00:00:00
db:NVDid:CVE-2009-3282date:2009-10-16T16:30:00.717