Vulnerability-Lookup

CVE-2009-3282 (GCVE-0-2009-3282)

Vulnerability from cvelistv5 – Published: 2009-10-16 16:00 – Updated: 2024-09-16 22:15

Summary

Integer overflow in the vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 allows host OS users to cause a denial of service to the host OS via unspecified vectors.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://lists.vmware.com/pipermail/security-announ…	mailing-listx_refsource_MLIST
	http://www.vupen.com/english/advisories/2009/2811	vdb-entryx_refsource_VUPEN
	http://www.vmware.com/security/advisories/VMSA-20…	x_refsource_CONFIRM
	http://secunia.com/advisories/36928	third-party-advisoryx_refsource_SECUNIA
	http://securitytracker.com/id?1022981	vdb-entryx_refsource_SECTRACK

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:22:24.279Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[security-announce] 20091001 VMSA-2009-0013 VMware Fusion resolves two security issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.vmware.com/pipermail/security-announce/2009/000066.html"
          },
          {
            "name": "ADV-2009-2811",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/2811"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2009-0013.html"
          },
          {
            "name": "36928",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36928"
          },
          {
            "name": "1022981",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1022981"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in the vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 allows host OS users to cause a denial of service to the host OS via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-10-16T16:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[security-announce] 20091001 VMSA-2009-0013 VMware Fusion resolves two security issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.vmware.com/pipermail/security-announce/2009/000066.html"
        },
        {
          "name": "ADV-2009-2811",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/2811"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2009-0013.html"
        },
        {
          "name": "36928",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36928"
        },
        {
          "name": "1022981",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1022981"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-3282",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in the vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 allows host OS users to cause a denial of service to the host OS via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[security-announce] 20091001 VMSA-2009-0013 VMware Fusion resolves two security issues",
              "refsource": "MLIST",
              "url": "http://lists.vmware.com/pipermail/security-announce/2009/000066.html"
            },
            {
              "name": "ADV-2009-2811",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/2811"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2009-0013.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2009-0013.html"
            },
            {
              "name": "36928",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36928"
            },
            {
              "name": "1022981",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1022981"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-3282",
    "datePublished": "2009-10-16T16:00:00.000Z",
    "dateReserved": "2009-09-21T00:00:00.000Z",
    "dateUpdated": "2024-09-16T22:15:47.244Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2009-3282",
      "date": "2026-04-26",
      "epss": "0.00509",
      "percentile": "0.66425"
    },
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.0.5\", \"matchCriteriaId\": \"A8A8DAA7-1031-4F9A-8E53-9F675EF193A6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:fusion:1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"942B4ED3-A68E-4106-A98B-FA7CD3505140\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:fusion:1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3DD1338C-8FC1-40A1-BAE8-B11F4354A0CE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:fusion:1.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AC862199-8AA7-4E5E-BA2B-DF5FC9A056BD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:fusion:1.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1BDA2CE1-E26E-4347-BD60-2764A19F5E94\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:fusion:1.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2B503A45-D9F3-414D-9BFA-C58B1E81A39E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:fusion:2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8E18541B-36B6-40A7-9749-FA47A10379C8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:fusion:2.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"55EBD95F-3DF7-49F3-A7AA-47085E0B7C88\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:fusion:2.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A6DA47C9-3D1A-49A7-8976-AE05D6730673\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:fusion:2.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"692CC131-5C6C-4AD6-B85C-07DF21168BC8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:fusion:2.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"617EFBFF-D047-4A0B-ACB6-83B27710F6F8\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0FF5999A-9D12-4CDD-8DE9-A89C10B2D574\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Integer overflow in the vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 allows host OS users to cause a denial of service to the host OS via unspecified vectors.\"}, {\"lang\": \"es\", \"value\": \"Desbordamiento de enteros en la extensi\\u00f3n del n\\u00facleo vmx86 en VMware Fusion v2.0.6 anterior a build 196839 permite a los usuarios del sistema operativo anfitri\\u00f3n causar una denegaci\\u00f3n de servicio al sistema operativo anfitri\\u00f3n a trav\\u00e9s de vectores no especificados.\"}]",
      "evaluatorSolution": "Per: http://lists.vmware.com/pipermail/security-announce/2009/000066.html \r\n\r\nSolution\r\n\r\n   Please review the patch/release notes for your product and version\r\n   and verify the md5sum and/or the sha1sum of your downloaded file.\r\n\r\n   VMware Fusion 2.0.6 (for Intel-based Macs): Download including\r\n   VMware Fusion and a 12 month complimentary subscription to McAfee\r\n   VirusScan Plus 2009\r\n\r\n   md5sum: d35490aa8caa92e21339c95c77314b2f\r\n   sha1sum: 9c41985d754ac718032a47af8a3f98ea28fddb26\r\n\r\n   VMware Fusion 2.0.6 (for Intel-based Macs): Download including only\r\n   VMware Fusion software\r\n\r\n   md5sum: 2e8d39defdffed224c4bab4218cc6659\r\n   sha1sum: 453d54a2f37b257a0aad17c95843305250c7b6ef\r\n",
      "id": "CVE-2009-3282",
      "lastModified": "2024-11-21T01:06:58.887",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:C\", \"baseScore\": 7.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2009-10-16T16:30:00.717",
      "references": "[{\"url\": \"http://lists.vmware.com/pipermail/security-announce/2009/000066.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/36928\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1022981\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vmware.com/security/advisories/VMSA-2009-0013.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2009/2811\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://lists.vmware.com/pipermail/security-announce/2009/000066.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/36928\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1022981\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vmware.com/security/advisories/VMSA-2009-0013.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2009/2811\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-189\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-3282\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-10-16T16:30:00.717\",\"lastModified\":\"2026-04-23T00:35:47.467\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Integer overflow in the vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 allows host OS users to cause a denial of service to the host OS via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de enteros en la extensi\u00f3n del n\u00facleo vmx86 en VMware Fusion v2.0.6 anterior a build 196839 permite a los usuarios del sistema operativo anfitri\u00f3n causar una denegaci\u00f3n de servicio al sistema operativo anfitri\u00f3n a trav\u00e9s de vectores no especificados.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":7.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-189\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.0.5\",\"matchCriteriaId\":\"A8A8DAA7-1031-4F9A-8E53-9F675EF193A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:fusion:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"942B4ED3-A68E-4106-A98B-FA7CD3505140\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:fusion:1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3DD1338C-8FC1-40A1-BAE8-B11F4354A0CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:fusion:1.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC862199-8AA7-4E5E-BA2B-DF5FC9A056BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:fusion:1.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1BDA2CE1-E26E-4347-BD60-2764A19F5E94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:fusion:1.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B503A45-D9F3-414D-9BFA-C58B1E81A39E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:fusion:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E18541B-36B6-40A7-9749-FA47A10379C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:fusion:2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55EBD95F-3DF7-49F3-A7AA-47085E0B7C88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:fusion:2.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6DA47C9-3D1A-49A7-8976-AE05D6730673\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:fusion:2.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"692CC131-5C6C-4AD6-B85C-07DF21168BC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:fusion:2.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"617EFBFF-D047-4A0B-ACB6-83B27710F6F8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FF5999A-9D12-4CDD-8DE9-A89C10B2D574\"}]}]}],\"references\":[{\"url\":\"http://lists.vmware.com/pipermail/security-announce/2009/000066.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/36928\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1022981\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2009-0013.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/2811\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.vmware.com/pipermail/security-announce/2009/000066.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/36928\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1022981\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2009-0013.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/2811\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}],\"evaluatorSolution\":\"Per: http://lists.vmware.com/pipermail/security-announce/2009/000066.html \\r\\n\\r\\nSolution\\r\\n\\r\\n   Please review the patch/release notes for your product and version\\r\\n   and verify the md5sum and/or the sha1sum of your downloaded file.\\r\\n\\r\\n   VMware Fusion 2.0.6 (for Intel-based Macs): Download including\\r\\n   VMware Fusion and a 12 month complimentary subscription to McAfee\\r\\n   VirusScan Plus 2009\\r\\n\\r\\n   md5sum: d35490aa8caa92e21339c95c77314b2f\\r\\n   sha1sum: 9c41985d754ac718032a47af8a3f98ea28fddb26\\r\\n\\r\\n   VMware Fusion 2.0.6 (for Intel-based Macs): Download including only\\r\\n   VMware Fusion software\\r\\n\\r\\n   md5sum: 2e8d39defdffed224c4bab4218cc6659\\r\\n   sha1sum: 453d54a2f37b257a0aad17c95843305250c7b6ef\\r\\n\"}}"
  }
}

FKIE_CVE-2009-3282

Vulnerability from fkie_nvd - Published: 2009-10-16 16:30 - Updated: 2026-04-23 00:35

Severity ?

Summary

Integer overflow in the vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 allows host OS users to cause a denial of service to the host OS via unspecified vectors.

References

URL	Tags
cve@mitre.org	http://lists.vmware.com/pipermail/security-announce/2009/000066.html	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/36928	Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1022981
cve@mitre.org	http://www.vmware.com/security/advisories/VMSA-2009-0013.html	Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2009/2811	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.vmware.com/pipermail/security-announce/2009/000066.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/36928	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1022981
af854a3a-2127-422b-91ae-364da2661108	http://www.vmware.com/security/advisories/VMSA-2009-0013.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/2811	Vendor Advisory

Impacted products

Vendor	Product	Version
vmware	fusion	*
vmware	fusion	1.0
vmware	fusion	1.1
vmware	fusion	1.1.1
vmware	fusion	1.1.2
vmware	fusion	1.1.3
vmware	fusion	2.0
vmware	fusion	2.0.1
vmware	fusion	2.0.2
vmware	fusion	2.0.3
vmware	fusion	2.0.4
apple	mac_os_x	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8A8DAA7-1031-4F9A-8E53-9F675EF193A6",
              "versionEndIncluding": "2.0.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:fusion:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "942B4ED3-A68E-4106-A98B-FA7CD3505140",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:fusion:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DD1338C-8FC1-40A1-BAE8-B11F4354A0CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:fusion:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC862199-8AA7-4E5E-BA2B-DF5FC9A056BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:fusion:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BDA2CE1-E26E-4347-BD60-2764A19F5E94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:fusion:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B503A45-D9F3-414D-9BFA-C58B1E81A39E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:fusion:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E18541B-36B6-40A7-9749-FA47A10379C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:fusion:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "55EBD95F-3DF7-49F3-A7AA-47085E0B7C88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:fusion:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6DA47C9-3D1A-49A7-8976-AE05D6730673",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:fusion:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "692CC131-5C6C-4AD6-B85C-07DF21168BC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:fusion:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "617EFBFF-D047-4A0B-ACB6-83B27710F6F8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer overflow in the vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 allows host OS users to cause a denial of service to the host OS via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de enteros en la extensi\u00f3n del n\u00facleo vmx86 en VMware Fusion v2.0.6 anterior a build 196839 permite a los usuarios del sistema operativo anfitri\u00f3n causar una denegaci\u00f3n de servicio al sistema operativo anfitri\u00f3n a trav\u00e9s de vectores no especificados."
    }
  ],
  "evaluatorSolution": "Per: http://lists.vmware.com/pipermail/security-announce/2009/000066.html \r\n\r\nSolution\r\n\r\n   Please review the patch/release notes for your product and version\r\n   and verify the md5sum and/or the sha1sum of your downloaded file.\r\n\r\n   VMware Fusion 2.0.6 (for Intel-based Macs): Download including\r\n   VMware Fusion and a 12 month complimentary subscription to McAfee\r\n   VirusScan Plus 2009\r\n\r\n   md5sum: d35490aa8caa92e21339c95c77314b2f\r\n   sha1sum: 9c41985d754ac718032a47af8a3f98ea28fddb26\r\n\r\n   VMware Fusion 2.0.6 (for Intel-based Macs): Download including only\r\n   VMware Fusion software\r\n\r\n   md5sum: 2e8d39defdffed224c4bab4218cc6659\r\n   sha1sum: 453d54a2f37b257a0aad17c95843305250c7b6ef\r\n",
  "id": "CVE-2009-3282",
  "lastModified": "2026-04-23T00:35:47.467",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-10-16T16:30:00.717",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.vmware.com/pipermail/security-announce/2009/000066.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36928"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1022981"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vmware.com/security/advisories/VMSA-2009-0013.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/2811"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.vmware.com/pipermail/security-announce/2009/000066.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36928"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1022981"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vmware.com/security/advisories/VMSA-2009-0013.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/2811"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-200910-0010

Vulnerability from variot - Updated: 2023-12-18 12:11

Integer overflow in the vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 allows host OS users to cause a denial of service to the host OS via unspecified vectors. VMware Fusion is prone to a denial-of-service vulnerability caused by an unspecified integer-overflow issue. An attacker can exploit this issue to crash the affected system, resulting in denial-of-service conditions. Given the nature of this issue, the attacker may also be able to run arbitrary code, but this has not been confirmed. This issue affects versions prior to Fusion 2.0.6 build 196839. Users of the main operating system can use unknown parameters to cause a denial of service attack on the main operating system. ----------------------------------------------------------------------

Do you have VARM strategy implemented?

(Vulnerability Assessment Remediation Management)

If not, then implement it through the most reliable vulnerability intelligence source on the market.

Implement it through Secunia.

For more information visit: http://secunia.com/advisories/business_solutions/

Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com

TITLE: VMware Fusion Denial of Service and Privilege Escalation

SECUNIA ADVISORY ID: SA36928

VERIFY ADVISORY: http://secunia.com/advisories/36928/

DESCRIPTION: Two vulnerabilities have been reported in VMware Fusion, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges.

The vulnerabilities are reported in version 2.0.5 and prior.

SOLUTION: Update to version 2.0.6 build 196839.

ORIGINAL ADVISORY: VMSA-2009-0013: http://lists.vmware.com/pipermail/security-announce/2009/000066.html

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

               VMware Security Advisory

Advisory ID: VMSA-2009-0013 Synopsis: VMware Fusion resolves two security issues Issue date: 2009-10-01 Updated on: 2009-10-01 (initial release of advisory) CVE numbers: CVE-2009-3281 CVE-2009-3282

Relevant releases

VMware Fusion 2.0.5 and earlier.

Problem Description

VMware Fusion is a product that allows you to seamlessly run your favorite Windows applications on any Intel-based Mac.

a. Kernel code execution vulnerability

An file permission problem in the vmx86 kernel extension allows for
executing arbitrary code in the host system kernel context by an
unprivileged user on the host system.

VMware would like to thank Neil Kettle of Convergent Network
Solutions for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2009-3281 to this issue.

VMware would like to thank Neil Kettle of Convergent Network
Solutions for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2009-3282 to this issue.

To remediate the above issues update your product using the table
below.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
VirtualCenter  any       Windows  not affected

Workstation    6.5.x     Windows  not affected
Workstation    6.5.x     Linux    not affected

Player         2.5.x     Windows  not affected
Player         2.5.x     Linux    not affected

ACE            2.5.x     any      not affected

Server         any       any      not affected

Fusion         any       Mac OS/X Fusion 2.0.6 build 196839

ESXi           any       ESXi     not affected

ESX            any       ESX      not affected

Solution

Please review the patch/release notes for your product and version and verify the md5sum and/or the sha1sum of your downloaded file.

VMware Fusion 2.0.6 (for Intel-based Macs): Download including VMware Fusion and a 12 month complimentary subscription to McAfee VirusScan Plus 2009

md5sum: d35490aa8caa92e21339c95c77314b2f sha1sum: 9c41985d754ac718032a47af8a3f98ea28fddb26

VMware Fusion 2.0.6 (for Intel-based Macs): Download including only VMware Fusion software

md5sum: 2e8d39defdffed224c4bab4218cc6659 sha1sum: 453d54a2f37b257a0aad17c95843305250c7b6ef

References

CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3281 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3282

Change log

2009-10-01 VMSA-2009-0013 Initial security advisory after release of Fusion 2.0.6 on 2009-10-01

Contact

E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

security-announce at lists.vmware.com
bugtraq at securityfocus.com
full-disclosure at lists.grok.org.uk

E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055

VMware Security Center http://www.vmware.com/security

VMware security response policy http://www.vmware.com/support/policies/security_response.html

General support life cycle policy http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (MingW32)

iD8DBQFKxYtnS2KysvBH1xkRAgZjAJ9xF6r9OKjHc4iayvPz0VEiLf2T6QCfdglG 7vvN45BLtMo4BuHfCGRGHo4= =y8E6 -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200910-0010",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fusion",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "vmware",
        "version": "2.0.4"
      },
      {
        "model": "fusion",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "vmware",
        "version": "2.0.3"
      },
      {
        "model": "fusion",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "fusion",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vmware",
        "version": "1.1.2"
      },
      {
        "model": "fusion",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "fusion",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vmware",
        "version": "2.0.1"
      },
      {
        "model": "fusion",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vmware",
        "version": "1.1"
      },
      {
        "model": "fusion",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vmware",
        "version": "1.1.3"
      },
      {
        "model": "fusion",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vmware",
        "version": "1.1.1"
      },
      {
        "model": "fusion",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vmware",
        "version": "1.0"
      },
      {
        "model": "fusion",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "vmware",
        "version": "2.0.5"
      },
      {
        "model": "fusion",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "vmware",
        "version": "2.0.5"
      },
      {
        "model": "fusion",
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": "fusion build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2147997"
      },
      {
        "model": "fusion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2"
      },
      {
        "model": "fusion",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.6"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "36579"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002523"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-3282"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200910-243"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:fusion:2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:fusion:1.1.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:fusion:1.1.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:fusion:1.1.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.0.5",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:fusion:2.0.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:fusion:1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:fusion:2.0.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:fusion:2.0.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:fusion:2.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:fusion:1.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-3282"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Neil Kettle",
    "sources": [
      {
        "db": "BID",
        "id": "36579"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200910-243"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2009-3282",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.8,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2009-3282",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-40728",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2009-3282",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200910-243",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-40728",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-40728"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002523"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-3282"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200910-243"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Integer overflow in the vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 allows host OS users to cause a denial of service to the host OS via unspecified vectors. VMware Fusion is prone to a denial-of-service vulnerability caused by an unspecified integer-overflow issue. \nAn attacker can exploit this issue to crash the affected system, resulting in denial-of-service conditions. \nGiven the nature of this issue, the attacker may also be able to run arbitrary code, but this has not been confirmed. \nThis issue affects versions prior to  Fusion 2.0.6 build 196839. Users of the main operating system can use unknown parameters to cause a denial of service attack on the main operating system. ----------------------------------------------------------------------\n\nDo you have VARM strategy implemented?\n\n(Vulnerability Assessment Remediation Management)  \n\nIf not, then implement it through the most reliable vulnerability\nintelligence source on the market. \n\nImplement it through Secunia. \n\nFor more information visit:\nhttp://secunia.com/advisories/business_solutions/\n\nAlternatively request a call from a Secunia representative today to\ndiscuss how we can help you with our capabilities contact us at:\nsales@secunia.com\n\n----------------------------------------------------------------------\n\nTITLE:\nVMware Fusion Denial of Service and Privilege Escalation\n\nSECUNIA ADVISORY ID:\nSA36928\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/36928/\n\nDESCRIPTION:\nTwo vulnerabilities have been reported in VMware Fusion, which can be\nexploited by malicious, local users to cause a DoS (Denial of Service)\nor gain escalated privileges. \n\nThe vulnerabilities are reported in version 2.0.5 and prior. \n\nSOLUTION:\nUpdate to version 2.0.6 build 196839. \n\nORIGINAL ADVISORY:\nVMSA-2009-0013:\nhttp://lists.vmware.com/pipermail/security-announce/2009/000066.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\n                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2009-0013\nSynopsis:          VMware Fusion resolves two security issues\nIssue date:        2009-10-01\nUpdated on:        2009-10-01 (initial release of advisory)\nCVE numbers:       CVE-2009-3281 CVE-2009-3282\n- ------------------------------------------------------------------------\n\n1. Relevant releases\n\n   VMware Fusion 2.0.5 and earlier. \n\n3. Problem Description\n\n   VMware Fusion is a product that allows you to seamlessly run your\n   favorite Windows applications on any Intel-based Mac. \n\n a. Kernel code execution vulnerability\n\n    An file permission problem in the vmx86 kernel extension allows for\n    executing arbitrary code in the host system kernel context by an\n    unprivileged user on the host system. \n\n    VMware would like to thank Neil Kettle of Convergent Network\n    Solutions for reporting this issue to us. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the name CVE-2009-3281 to this issue. \n\n b. \n\n    VMware would like to thank Neil Kettle of Convergent Network\n    Solutions for reporting this issue to us. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the name CVE-2009-3282 to this issue. \n\n    To remediate the above issues update your product using the table\n    below. \n\n    VMware         Product   Running  Replace with/\n    Product        Version   on       Apply Patch\n    =============  ========  =======  =================\n    VirtualCenter  any       Windows  not affected\n\n    Workstation    6.5.x     Windows  not affected\n    Workstation    6.5.x     Linux    not affected\n\n    Player         2.5.x     Windows  not affected\n    Player         2.5.x     Linux    not affected\n\n    ACE            2.5.x     any      not affected\n\n    Server         any       any      not affected\n\n    Fusion         any       Mac OS/X Fusion 2.0.6 build 196839\n\n    ESXi           any       ESXi     not affected\n\n    ESX            any       ESX      not affected\n\n\n4. Solution\n\n   Please review the patch/release notes for your product and version\n   and verify the md5sum and/or the sha1sum of your downloaded file. \n\n   VMware Fusion 2.0.6 (for Intel-based Macs): Download including\n   VMware Fusion and a 12 month complimentary subscription to McAfee\n   VirusScan Plus 2009\n\n   md5sum: d35490aa8caa92e21339c95c77314b2f\n   sha1sum: 9c41985d754ac718032a47af8a3f98ea28fddb26\n\n   VMware Fusion 2.0.6 (for Intel-based Macs): Download including only\n   VMware Fusion software\n\n   md5sum: 2e8d39defdffed224c4bab4218cc6659\n   sha1sum: 453d54a2f37b257a0aad17c95843305250c7b6ef\n\n5. References\n\n   CVE numbers\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3281\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3282\n\n- ------------------------------------------------------------------------\n6. Change log\n\n2009-10-01  VMSA-2009-0013\nInitial security advisory after release of Fusion 2.0.6 on 2009-10-01\n\n- -----------------------------------------------------------------------\n7. Contact\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n  * security-announce at lists.vmware.com\n  * bugtraq at securityfocus.com\n  * full-disclosure at lists.grok.org.uk\n\nE-mail:  security at vmware.com\nPGP key at: http://kb.vmware.com/kb/1055\n\nVMware Security Center\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2009 VMware Inc.  All rights reserved. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (MingW32)\n\niD8DBQFKxYtnS2KysvBH1xkRAgZjAJ9xF6r9OKjHc4iayvPz0VEiLf2T6QCfdglG\n7vvN45BLtMo4BuHfCGRGHo4=\n=y8E6\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-3282"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002523"
      },
      {
        "db": "BID",
        "id": "36579"
      },
      {
        "db": "VULHUB",
        "id": "VHN-40728"
      },
      {
        "db": "PACKETSTORM",
        "id": "81792"
      },
      {
        "db": "PACKETSTORM",
        "id": "81777"
      }
    ],
    "trust": 2.16
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-40728",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-40728"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2009-3282",
        "trust": 2.9
      },
      {
        "db": "SECUNIA",
        "id": "36928",
        "trust": 2.6
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-2811",
        "trust": 2.5
      },
      {
        "db": "SECTRACK",
        "id": "1022981",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002523",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200910-243",
        "trust": 0.7
      },
      {
        "db": "MLIST",
        "id": "[SECURITY-ANNOUNCE] 20091001 VMSA-2009-0013 VMWARE FUSION RESOLVES TWO SECURITY ISSUES",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "36579",
        "trust": 0.4
      },
      {
        "db": "PACKETSTORM",
        "id": "81776",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-40728",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "81792",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "81777",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-40728"
      },
      {
        "db": "BID",
        "id": "36579"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002523"
      },
      {
        "db": "PACKETSTORM",
        "id": "81792"
      },
      {
        "db": "PACKETSTORM",
        "id": "81777"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-3282"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200910-243"
      }
    ]
  },
  "id": "VAR-200910-0010",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-40728"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:11:29.951000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "VMSA-2009-0013",
        "trust": 0.8,
        "url": "http://www.vmware.com/security/advisories/vmsa-2009-0013.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002523"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-189",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-40728"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002523"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-3282"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://securitytracker.com/id?1022981"
      },
      {
        "trust": 2.5,
        "url": "http://secunia.com/advisories/36928"
      },
      {
        "trust": 2.5,
        "url": "http://www.vupen.com/english/advisories/2009/2811"
      },
      {
        "trust": 2.1,
        "url": "http://lists.vmware.com/pipermail/security-announce/2009/000066.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.vmware.com/security/advisories/vmsa-2009-0013.html"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3282"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-3282"
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/506893"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/506891"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/36928/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/business_solutions/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3282"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/security"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3281"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/1055"
      },
      {
        "trust": 0.1,
        "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos_vi.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3281"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos.html"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-40728"
      },
      {
        "db": "BID",
        "id": "36579"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002523"
      },
      {
        "db": "PACKETSTORM",
        "id": "81792"
      },
      {
        "db": "PACKETSTORM",
        "id": "81777"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-3282"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200910-243"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-40728"
      },
      {
        "db": "BID",
        "id": "36579"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002523"
      },
      {
        "db": "PACKETSTORM",
        "id": "81792"
      },
      {
        "db": "PACKETSTORM",
        "id": "81777"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-3282"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200910-243"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-10-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-40728"
      },
      {
        "date": "2009-10-01T00:00:00",
        "db": "BID",
        "id": "36579"
      },
      {
        "date": "2010-03-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-002523"
      },
      {
        "date": "2009-10-05T14:37:34",
        "db": "PACKETSTORM",
        "id": "81792"
      },
      {
        "date": "2009-10-02T17:18:03",
        "db": "PACKETSTORM",
        "id": "81777"
      },
      {
        "date": "2009-10-16T16:30:00.717000",
        "db": "NVD",
        "id": "CVE-2009-3282"
      },
      {
        "date": "2009-10-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200910-243"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-10-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-40728"
      },
      {
        "date": "2009-10-02T20:00:00",
        "db": "BID",
        "id": "36579"
      },
      {
        "date": "2010-03-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-002523"
      },
      {
        "date": "2009-10-20T04:00:00",
        "db": "NVD",
        "id": "CVE-2009-3282"
      },
      {
        "date": "2009-10-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200910-243"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200910-243"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "VMware Fusion of  vmx86 Kernel extension integer overflow vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002523"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "digital error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200910-243"
      }
    ],
    "trust": 0.6
  }
}

GHSA-PVMH-7H9V-F5XR

Vulnerability from github – Published: 2022-05-02 03:43 – Updated: 2022-05-02 03:43

Details

Integer overflow in the vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 allows host OS users to cause a denial of service to the host OS via unspecified vectors.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-3282"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-10-16T16:30:00Z",
    "severity": "HIGH"
  },
  "details": "Integer overflow in the vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 allows host OS users to cause a denial of service to the host OS via unspecified vectors.",
  "id": "GHSA-pvmh-7h9v-f5xr",
  "modified": "2022-05-02T03:43:34Z",
  "published": "2022-05-02T03:43:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3282"
    },
    {
      "type": "WEB",
      "url": "http://lists.vmware.com/pipermail/security-announce/2009/000066.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36928"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1022981"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/security/advisories/VMSA-2009-0013.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/2811"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2009-3282

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Integer overflow in the vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 allows host OS users to cause a denial of service to the host OS via unspecified vectors.

Aliases

CVE-2009-3282

Aliases

CVE-2009-3282

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-3282",
    "description": "Integer overflow in the vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 allows host OS users to cause a denial of service to the host OS via unspecified vectors.",
    "id": "GSD-2009-3282",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2009-3282"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-3282"
      ],
      "details": "Integer overflow in the vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 allows host OS users to cause a denial of service to the host OS via unspecified vectors.",
      "id": "GSD-2009-3282",
      "modified": "2023-12-13T01:19:49.813520Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2009-3282",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Integer overflow in the vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 allows host OS users to cause a denial of service to the host OS via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "[security-announce] 20091001 VMSA-2009-0013 VMware Fusion resolves two security issues",
            "refsource": "MLIST",
            "url": "http://lists.vmware.com/pipermail/security-announce/2009/000066.html"
          },
          {
            "name": "ADV-2009-2811",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/2811"
          },
          {
            "name": "http://www.vmware.com/security/advisories/VMSA-2009-0013.html",
            "refsource": "CONFIRM",
            "url": "http://www.vmware.com/security/advisories/VMSA-2009-0013.html"
          },
          {
            "name": "36928",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/36928"
          },
          {
            "name": "1022981",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1022981"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:fusion:2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:fusion:1.1.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:fusion:1.1.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:fusion:1.1.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.0.5",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:fusion:2.0.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:fusion:1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:fusion:2.0.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:fusion:2.0.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:fusion:2.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:fusion:1.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-3282"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Integer overflow in the vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 allows host OS users to cause a denial of service to the host OS via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-189"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "36928",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/36928"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2009-0013.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vmware.com/security/advisories/VMSA-2009-0013.html"
            },
            {
              "name": "1022981",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1022981"
            },
            {
              "name": "ADV-2009-2811",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/2811"
            },
            {
              "name": "[security-announce] 20091001 VMSA-2009-0013 VMware Fusion resolves two security issues",
              "refsource": "MLIST",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://lists.vmware.com/pipermail/security-announce/2009/000066.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2009-10-20T04:00Z",
      "publishedDate": "2009-10-16T16:30Z"
    }
  }
}

CERTA-2009-AVI-419

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilité permettant de provoquer un déni de service ou d'obtenir des privilèges plus élevés ont été découvertes dans VMware Fusion.

Description

Deux vulnérabilités ont été découvertes dans VMware Fusion :

la première vulnérabilité est due à une erreur au niveau de l'extension noyau vmx86. L'exploitation de cette vulnérabilité permet d'exécuter du code arbitraire dans le contexte du noyau du système hôte ;
la seconde vulnérabilité résulte d'un dépassement de capacité d'entier au niveau de l'extension noyau vmx86. Cette vulnérabilité peut être exploitée par un utilisateur malintentionné afin de causer un déni de service.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

VMware Fusion version 2.0.5 et versions antérieures

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité VMware numéro VMSA-2009-0013 du 01 octobre 2009	None	vendor-advisory
Bulletin de sécurité VMware numéro VMSA-2009-0013 du 01 octobre 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eVMware Fusion version 2.0.5 et versions  ant\u00e9rieures\u003c/p\u003e",
  "content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans VMware Fusion :\n\n-   la premi\u00e8re vuln\u00e9rabilit\u00e9 est due \u00e0 une erreur au niveau de\n    l\u0027extension noyau vmx86. L\u0027exploitation de cette vuln\u00e9rabilit\u00e9\n    permet d\u0027ex\u00e9cuter du code arbitraire dans le contexte du noyau du\n    syst\u00e8me h\u00f4te ;\n-   la seconde vuln\u00e9rabilit\u00e9 r\u00e9sulte d\u0027un d\u00e9passement de capacit\u00e9\n    d\u0027entier au niveau de l\u0027extension noyau vmx86. Cette vuln\u00e9rabilit\u00e9\n    peut \u00eatre exploit\u00e9e par un utilisateur malintentionn\u00e9 afin de causer\n    un d\u00e9ni de service.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-3281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3281"
    },
    {
      "name": "CVE-2009-3282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3282"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 VMware num\u00e9ro VMSA-2009-0013 du 01    octobre 2009 :",
      "url": "http://lists.vmware.com/pipermail/security-announce/2009/000066.html"
    }
  ],
  "reference": "CERTA-2009-AVI-419",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-10-02T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9 permettant de provoquer un d\u00e9ni de service ou\nd\u0027obtenir des privil\u00e8ges plus \u00e9lev\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans VMware\nFusion.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s du logiciel VMware Fusion",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware num\u00e9ro VMSA-2009-0013 du 01 octobre 2009",
      "url": null
    }
  ]
}

CERTA-2009-AVI-419

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilité permettant de provoquer un déni de service ou d'obtenir des privilèges plus élevés ont été découvertes dans VMware Fusion.

Description

Deux vulnérabilités ont été découvertes dans VMware Fusion :

la première vulnérabilité est due à une erreur au niveau de l'extension noyau vmx86. L'exploitation de cette vulnérabilité permet d'exécuter du code arbitraire dans le contexte du noyau du système hôte ;
la seconde vulnérabilité résulte d'un dépassement de capacité d'entier au niveau de l'extension noyau vmx86. Cette vulnérabilité peut être exploitée par un utilisateur malintentionné afin de causer un déni de service.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

VMware Fusion version 2.0.5 et versions antérieures

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité VMware numéro VMSA-2009-0013 du 01 octobre 2009	None	vendor-advisory
Bulletin de sécurité VMware numéro VMSA-2009-0013 du 01 octobre 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eVMware Fusion version 2.0.5 et versions  ant\u00e9rieures\u003c/p\u003e",
  "content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans VMware Fusion :\n\n-   la premi\u00e8re vuln\u00e9rabilit\u00e9 est due \u00e0 une erreur au niveau de\n    l\u0027extension noyau vmx86. L\u0027exploitation de cette vuln\u00e9rabilit\u00e9\n    permet d\u0027ex\u00e9cuter du code arbitraire dans le contexte du noyau du\n    syst\u00e8me h\u00f4te ;\n-   la seconde vuln\u00e9rabilit\u00e9 r\u00e9sulte d\u0027un d\u00e9passement de capacit\u00e9\n    d\u0027entier au niveau de l\u0027extension noyau vmx86. Cette vuln\u00e9rabilit\u00e9\n    peut \u00eatre exploit\u00e9e par un utilisateur malintentionn\u00e9 afin de causer\n    un d\u00e9ni de service.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-3281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3281"
    },
    {
      "name": "CVE-2009-3282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3282"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 VMware num\u00e9ro VMSA-2009-0013 du 01    octobre 2009 :",
      "url": "http://lists.vmware.com/pipermail/security-announce/2009/000066.html"
    }
  ],
  "reference": "CERTA-2009-AVI-419",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-10-02T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9 permettant de provoquer un d\u00e9ni de service ou\nd\u0027obtenir des privil\u00e8ges plus \u00e9lev\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans VMware\nFusion.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s du logiciel VMware Fusion",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware num\u00e9ro VMSA-2009-0013 du 01 octobre 2009",
      "url": null
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-3282 (GCVE-0-2009-3282)

FKIE_CVE-2009-3282

VAR-200910-0010

GHSA-PVMH-7H9V-F5XR

GSD-2009-3282

CERTA-2009-AVI-419

Description

Solution

CERTA-2009-AVI-419

Description

Solution

Tags

Sightings

Nomenclature