Vulnerabilities > CVE-2009-3282 - Numeric Errors vulnerability in VMWare Fusion

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

vmware

CWE-189

nessus

NVD

Published: 2009-10-16

Updated: 2009-10-20

Summary

Integer overflow in the vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 allows host OS users to cause a denial of service to the host OS via unspecified vectors.

Vulnerable Configurations

Part	Description	Count
Application	Vmware Vmware Fusion - Vmware Fusion 1.1.1 Vmware Fusion 1.0 Vmware Fusion 1.1 Vmware Fusion 1.1.2 Vmware Fusion 1.1.3 Vmware Fusion 2.0 Vmware Fusion 2.0.1 Vmware Fusion 2.0.2 Vmware Fusion 2.0.3 Vmware Fusion 2.0.4	11
OS	Apple Apple MAC OS X *	1

Common Weakness Enumeration (CWE)

CWE-189 - Numeric Errors

Nessus

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_FUSION_2_0_6.NASL
description	The version of VMware Fusion installed on the Mac OS X host is earlier than 2.0.6. Such versions are affected by two security issues : - A vulnerability in the vmx86 kernel extension allows an unprivileged userland program to initialize several function pointers via the
last seen	2020-06-01
modified	2020-06-02
plugin id	41971
published	2009-10-02
reporter	This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/41971
title	VMware Fusion < 2.0.6 (VMSA-2009-0013)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(41971); script_version("1.12"); script_cvs_date("Date: 2018/07/14 1:59:35"); script_cve_id("CVE-2009-3281", "CVE-2009-3282"); script_bugtraq_id(36578, 36579); script_name(english:"VMware Fusion < 2.0.6 (VMSA-2009-0013)"); script_summary(english:"Checks version Fusion"); script_set_attribute( attribute:"synopsis", value: "The remote host has an application that is affected by two security issues." ); script_set_attribute( attribute:"description", value: "The version of VMware Fusion installed on the Mac OS X host is earlier than 2.0.6. Such versions are affected by two security issues : - A vulnerability in the vmx86 kernel extension allows an unprivileged userland program to initialize several function pointers via the '0x802E564A' IOCTL code, which can lead to arbitrary code execution in the kernel context. (CVE-2009-3281) - An integer overflow in the vmx86 kernel extension allows for a denial of service of the host by an unprivileged local user. (CVE-2009-3282)" ); script_set_attribute( attribute:"see_also", value:"http://lists.vmware.com/pipermail/security-announce/2009/000066.html" ); script_set_attribute( attribute:"see_also", value:"http://www.securityfocus.com/advisories/18019" ); script_set_attribute( attribute:"see_also", value:"http://www.securityfocus.com/archive/1/506891" ); script_set_attribute( attribute:"see_also", value:"http://www.securityfocus.com/archive/1/506893" ); script_set_attribute(attribute:"solution", value:"Upgrade to VMware Fusion 2.0.6 or later."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_cwe_id(189, 264); script_set_attribute(attribute:"vuln_publication_date", value:"2009/10/02"); script_set_attribute(attribute:"patch_publication_date", value:"2009/10/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/10/02"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:fusion"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc."); script_dependencies("macosx_fusion_detect.nasl"); script_require_keys("MacOSX/Fusion/Version"); exit(0); } include("global_settings.inc"); include("misc_func.inc"); version = get_kb_item_or_exit("MacOSX/Fusion/Version"); fixed_version = "2.0.6"; if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1) { if (report_verbosity > 0) { report = '\n Installed version : ' + version + '\n Fixed version : ' + fixed_version + '\n'; security_hole(port:0, extra:report); } else security_hole(0); } else exit(0, "The remote host is not affected since VMware Fusion "+version+" is installed.");

Seebug

bulletinFamily	exploit
description	BUGTRAQ ID: 36579,36578 CVE ID: CVE-2009-3282,CVE-2009-3281 VMWare Fusion允许在基于Intel的Mac机器上无缝的运行Windows应用程序。 VMWare Fusion的vmx86内核扩展中存在文件权限漏洞和整数溢出漏洞，本地非特权用户可以利用这些漏洞在主机系统上执行任意内核态代码或导致拒绝服务。 VMWare Fusion 2.0 厂商补丁： VMWare ------ 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://www.vmware.com
id	SSV:12456
last seen	2017-11-19
modified	2009-10-12
published	2009-10-12
reporter	Root
source	https://www.seebug.org/vuldb/ssvid-12456
title	VMWare Fusion本地拒绝服务和权限提升漏洞

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

Seebug

References