Vulnerabilities > CVE-2009-3282 - Numeric Errors vulnerability in VMWare Fusion

047910
CVSS 7.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
COMPLETE
network
low complexity
vmware
apple
CWE-189
nessus
NVD
Published: 2009-10-16
Updated: 2009-10-20

Summary

Integer overflow in the vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 allows host OS users to cause a denial of service to the host OS via unspecified vectors. Per: http://lists.vmware.com/pipermail/security-announce/2009/000066.html Solution Please review the patch/release notes for your product and version and verify the md5sum and/or the sha1sum of your downloaded file. VMware Fusion 2.0.6 (for Intel-based Macs): Download including VMware Fusion and a 12 month complimentary subscription to McAfee VirusScan Plus 2009 md5sum: d35490aa8caa92e21339c95c77314b2f sha1sum: 9c41985d754ac718032a47af8a3f98ea28fddb26 VMware Fusion 2.0.6 (for Intel-based Macs): Download including only VMware Fusion software md5sum: 2e8d39defdffed224c4bab4218cc6659 sha1sum: 453d54a2f37b257a0aad17c95843305250c7b6ef

Vulnerable Configurations

Part Description Count
Application
Vmware
11
OS
Apple
1

Common Weakness Enumeration (CWE)

Nessus

NASL familyMacOS X Local Security Checks
NASL idMACOSX_FUSION_2_0_6.NASL
descriptionThe version of VMware Fusion installed on the Mac OS X host is earlier than 2.0.6. Such versions are affected by two security issues : - A vulnerability in the vmx86 kernel extension allows an unprivileged userland program to initialize several function pointers via the
last seen2020-06-01
modified2020-06-02
plugin id41971
published2009-10-02
reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/41971
titleVMware Fusion < 2.0.6 (VMSA-2009-0013)
code
#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");


if (description)
{
  script_id(41971);
  script_version("1.12");
  script_cvs_date("Date: 2018/07/14  1:59:35");

  script_cve_id("CVE-2009-3281", "CVE-2009-3282");
  script_bugtraq_id(36578, 36579);

  script_name(english:"VMware Fusion < 2.0.6 (VMSA-2009-0013)");
  script_summary(english:"Checks version Fusion");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote host has an application that is affected by two security
issues."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The version of VMware Fusion installed on the Mac OS X host is earlier
than 2.0.6.  Such versions are affected by two security issues :

  - A vulnerability in the vmx86 kernel extension allows
    an unprivileged userland program to initialize
    several function pointers via the '0x802E564A' IOCTL
    code, which can lead to arbitrary code execution in
    the kernel context. (CVE-2009-3281)

  - An integer overflow in the vmx86 kernel extension allows
    for a denial of service of the host by an unprivileged 
    local user. (CVE-2009-3282)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://lists.vmware.com/pipermail/security-announce/2009/000066.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.securityfocus.com/advisories/18019"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.securityfocus.com/archive/1/506891"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.securityfocus.com/archive/1/506893"
  );
  script_set_attribute(attribute:"solution", value:"Upgrade to VMware Fusion 2.0.6 or later.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_cwe_id(189, 264);
  script_set_attribute(attribute:"vuln_publication_date", value:"2009/10/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2009/10/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/10/02");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:fusion");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");

  script_dependencies("macosx_fusion_detect.nasl");
  script_require_keys("MacOSX/Fusion/Version");

  exit(0);
}


include("global_settings.inc");
include("misc_func.inc");


version = get_kb_item_or_exit("MacOSX/Fusion/Version");
fixed_version = "2.0.6";

if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)
{
  if (report_verbosity > 0)
  {
    report = 
      '\n  Installed version : ' + version + 
      '\n  Fixed version     : ' + fixed_version + '\n';
    security_hole(port:0, extra:report);
  }
  else security_hole(0);
}
else exit(0, "The remote host is not affected since VMware Fusion "+version+" is installed.");

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 36579,36578 CVE ID: CVE-2009-3282,CVE-2009-3281 VMWare Fusion允许在基于Intel的Mac机器上无缝的运行Windows应用程序。 VMWare Fusion的vmx86内核扩展中存在文件权限漏洞和整数溢出漏洞,本地非特权用户可以利用这些漏洞在主机系统上执行任意内核态代码或导致拒绝服务。 VMWare Fusion 2.0 厂商补丁: VMWare ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.vmware.com
idSSV:12456
last seen2017-11-19
modified2009-10-12
published2009-10-12
reporterRoot
sourcehttps://www.seebug.org/vuldb/ssvid-12456
titleVMWare Fusion本地拒绝服务和权限提升漏洞

References