var-200910-0009
Vulnerability from variot

The vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 does not use correct file permissions, which allows host OS users to gain privileges on the host OS via unspecified vectors. VMware Fusion is prone to a privilege-escalation vulnerability caused by an unspecified file-permission problem. An attacker can exploit this issue to run arbitrary code with superuser privileges. Successful attacks will completely compromise affected computers. This issue affects versions prior to Fusion 2.0.6 build 196839.


TITLE: VMware Fusion Denial of Service and Privilege Escalation

SECUNIA ADVISORY ID: SA36928

VERIFY ADVISORY: http://secunia.com/advisories/36928/

DESCRIPTION: Two vulnerabilities have been reported in VMware Fusion, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges.

The vulnerabilities are reported in version 2.0.5 and prior.

SOLUTION: Update to version 2.0.6 build 196839.

ORIGINAL ADVISORY: VMSA-2009-0013: http://lists.vmware.com/pipermail/security-announce/2009/000066.html


About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.



               VMware Security Advisory

Advisory ID: VMSA-2009-0013
Synopsis: VMware Fusion resolves two security issues
Issue date: 2009-10-01
Updated on: 2009-10-01 (initial release of advisory)
CVE numbers: CVE-2009-3281 CVE-2009-3282


  1. Relevant releases

VMware Fusion 2.0.5 and earlier.

  3. Problem Description

VMware Fusion is a product that allows you to seamlessly run your favorite Windows applications on any Intel-based Mac.

a.

VMware would like to thank Neil Kettle of Convergent Network
Solutions for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2009-3281 to this issue.

b. Kernel denial of service vulnerability

An integer overflow vulnerability in the vmx86 kernel extension
allows for a denial of service of the host by an unprivileged user
on the host system.

VMware would like to thank Neil Kettle of Convergent Network
Solutions for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2009-3282 to this issue.

To remediate the above issues update your product using the table
below.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
VirtualCenter  any       Windows  not affected

Workstation    6.5.x     Windows  not affected
Workstation    6.5.x     Linux    not affected

Player         2.5.x     Windows  not affected
Player         2.5.x     Linux    not affected

ACE            2.5.x     any      not affected

Server         any       any      not affected

Fusion         any       Mac OS/X Fusion 2.0.6 build 196839

ESXi           any       ESXi     not affected

ESX            any       ESX      not affected

  4. Solution

Please review the patch/release notes for your product and version and verify the md5sum and/or the sha1sum of your downloaded file.

VMware Fusion 2.0.6 (for Intel-based Macs): Download including VMware Fusion and a 12 month complimentary subscription to McAfee VirusScan Plus 2009

md5sum: d35490aa8caa92e21339c95c77314b2f
sha1sum: 9c41985d754ac718032a47af8a3f98ea28fddb26

VMware Fusion 2.0.6 (for Intel-based Macs): Download including only VMware Fusion software

md5sum: 2e8d39defdffed224c4bab4218cc6659
sha1sum: 453d54a2f37b257a0aad17c95843305250c7b6ef

  5. References

CVE numbers
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3281
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3282


  6. Change log

2009-10-01 VMSA-2009-0013
Initial security advisory after release of Fusion 2.0.6 on 2009-10-01


  7. Contact

E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

  • security-announce at lists.vmware.com
  • bugtraq at securityfocus.com
  • full-disclosure at lists.grok.org.uk

E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055

VMware Security Center
http://www.vmware.com/security

VMware security response policy
http://www.vmware.com/support/policies/security_response.html

General support life cycle policy
http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html

Copyright 2009 VMware Inc. All rights reserved.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200910-0009",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fusion",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "vmware",
        "version": "2.0.4"
      },
      {
        "model": "fusion",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "vmware",
        "version": "2.0.3"
      },
      {
        "model": "fusion",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "fusion",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vmware",
        "version": "1.1.2"
      },
      {
        "model": "fusion",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "fusion",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vmware",
        "version": "2.0.1"
      },
      {
        "model": "fusion",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vmware",
        "version": "1.1"
      },
      {
        "model": "fusion",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vmware",
        "version": "1.1.3"
      },
      {
        "model": "fusion",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vmware",
        "version": "1.1.1"
      },
      {
        "model": "fusion",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vmware",
        "version": "1.0"
      },
      {
        "model": "fusion",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "vmware",
        "version": "2.0.5"
      },
      {
        "model": "fusion",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "vmware",
        "version": "2.0.5"
      },
      {
        "model": "fusion",
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": "fusion build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2147997"
      },
      {
        "model": "fusion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2"
      },
      {
        "model": "fusion",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.6"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "36578"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002522"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-3281"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200910-242"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:fusion:1.1.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:fusion:1.1.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:fusion:1.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:fusion:1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:fusion:2.0.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:fusion:2.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:fusion:1.1.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:fusion:2.0.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.0.5",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:fusion:2.0.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:fusion:2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-3281"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Neil Kettle",
    "sources": [
      {
        "db": "BID",
        "id": "36578"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200910-242"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2009-3281",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.2,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2009-3281",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "VHN-40727",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2009-3281",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200910-242",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-40727",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-40727"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002522"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-3281"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200910-242"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 does not use correct file permissions, which allows host OS users to gain privileges on the host OS via unspecified vectors. VMware Fusion is prone to a privilege-escalation vulnerability caused by an unspecified file-permission problem. \nAn attacker can exploit this issue to run arbitrary code with superuser privileges.  Successful attacks will completely compromise affected computers. \nThis issue affects versions prior to Fusion 2.0.6 build 196839. ----------------------------------------------------------------------\n\nDo you have VARM strategy implemented?\n\n(Vulnerability Assessment Remediation Management)  \n\nIf not, then implement it through the most reliable vulnerability\nintelligence source on the market. \n\nImplement it through Secunia. \n\nFor more information visit:\nhttp://secunia.com/advisories/business_solutions/\n\nAlternatively request a call from a Secunia representative today to\ndiscuss how we can help you with our capabilities contact us at:\nsales@secunia.com\n\n----------------------------------------------------------------------\n\nTITLE:\nVMware Fusion Denial of Service and Privilege Escalation\n\nSECUNIA ADVISORY ID:\nSA36928\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/36928/\n\nDESCRIPTION:\nTwo vulnerabilities have been reported in VMware Fusion, which can be\nexploited by malicious, local users to cause a DoS (Denial of Service)\nor gain escalated privileges. \n\nThe vulnerabilities are reported in version 2.0.5 and prior. \n\nSOLUTION:\nUpdate to version 2.0.6 build 196839. \n\nORIGINAL ADVISORY:\nVMSA-2009-0013:\nhttp://lists.vmware.com/pipermail/security-announce/2009/000066.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. 
\n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\n                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2009-0013\nSynopsis:          VMware Fusion resolves two security issues\nIssue date:        2009-10-01\nUpdated on:        2009-10-01 (initial release of advisory)\nCVE numbers:       CVE-2009-3281 CVE-2009-3282\n- ------------------------------------------------------------------------\n\n1. Relevant releases\n\n   VMware Fusion 2.0.5 and earlier. \n\n3. Problem Description\n\n   VMware Fusion is a product that allows you to seamlessly run your\n   favorite Windows applications on any Intel-based Mac. \n\n a. \n\n    VMware would like to thank Neil Kettle of Convergent Network\n    Solutions for reporting this issue to us. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the name CVE-2009-3281 to this issue. \n\n b. Kernel denial of service vulnerability\n\n    An integer overflow vulnerability in the vmx86 kernel extension\n    allows for a denial of service of the host by an unprivileged user\n    on the host system. 
\n\n    VMware would like to thank Neil Kettle of Convergent Network\n    Solutions for reporting this issue to us. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the name CVE-2009-3282 to this issue. \n\n    To remediate the above issues update your product using the table\n    below. \n\n    VMware         Product   Running  Replace with/\n    Product        Version   on       Apply Patch\n    =============  ========  =======  =================\n    VirtualCenter  any       Windows  not affected\n\n    Workstation    6.5.x     Windows  not affected\n    Workstation    6.5.x     Linux    not affected\n\n    Player         2.5.x     Windows  not affected\n    Player         2.5.x     Linux    not affected\n\n    ACE            2.5.x     any      not affected\n\n    Server         any       any      not affected\n\n    Fusion         any       Mac OS/X Fusion 2.0.6 build 196839\n\n    ESXi           any       ESXi     not affected\n\n    ESX            any       ESX      not affected\n\n\n4. Solution\n\n   Please review the patch/release notes for your product and version\n   and verify the md5sum and/or the sha1sum of your downloaded file. \n\n   VMware Fusion 2.0.6 (for Intel-based Macs): Download including\n   VMware Fusion and a 12 month complimentary subscription to McAfee\n   VirusScan Plus 2009\n\n   md5sum: d35490aa8caa92e21339c95c77314b2f\n   sha1sum: 9c41985d754ac718032a47af8a3f98ea28fddb26\n\n   VMware Fusion 2.0.6 (for Intel-based Macs): Download including only\n   VMware Fusion software\n\n   md5sum: 2e8d39defdffed224c4bab4218cc6659\n   sha1sum: 453d54a2f37b257a0aad17c95843305250c7b6ef\n\n5. References\n\n   CVE numbers\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3281\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3282\n\n- ------------------------------------------------------------------------\n6. 
Change log\n\n2009-10-01  VMSA-2009-0013\nInitial security advisory after release of Fusion 2.0.6 on 2009-10-01\n\n- -----------------------------------------------------------------------\n7. Contact\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n  * security-announce at lists.vmware.com\n  * bugtraq at securityfocus.com\n  * full-disclosure at lists.grok.org.uk\n\nE-mail:  security at vmware.com\nPGP key at: http://kb.vmware.com/kb/1055\n\nVMware Security Center\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2009 VMware Inc.  All rights reserved. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (MingW32)\n\niD8DBQFKxYtnS2KysvBH1xkRAgZjAJ9xF6r9OKjHc4iayvPz0VEiLf2T6QCfdglG\n7vvN45BLtMo4BuHfCGRGHo4=\n=y8E6\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-3281"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002522"
      },
      {
        "db": "BID",
        "id": "36578"
      },
      {
        "db": "VULHUB",
        "id": "VHN-40727"
      },
      {
        "db": "PACKETSTORM",
        "id": "81792"
      },
      {
        "db": "PACKETSTORM",
        "id": "81777"
      }
    ],
    "trust": 2.16
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-40727",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-40727"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2009-3281",
        "trust": 2.9
      },
      {
        "db": "SECUNIA",
        "id": "36928",
        "trust": 2.6
      },
      {
        "db": "SECTRACK",
        "id": "1022981",
        "trust": 2.5
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-2811",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002522",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200910-242",
        "trust": 0.7
      },
      {
        "db": "MLIST",
        "id": "[SECURITY-ANNOUNCE] 20091001 VMSA-2009-0013 VMWARE FUSION RESOLVES TWO SECURITY ISSUES",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "36578",
        "trust": 0.4
      },
      {
        "db": "PACKETSTORM",
        "id": "81777",
        "trust": 0.2
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-67053",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "81775",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "10076",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-40727",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "81792",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-40727"
      },
      {
        "db": "BID",
        "id": "36578"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002522"
      },
      {
        "db": "PACKETSTORM",
        "id": "81792"
      },
      {
        "db": "PACKETSTORM",
        "id": "81777"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-3281"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200910-242"
      }
    ]
  },
  "id": "VAR-200910-0009",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-40727"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:11:29.987000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "VMSA-2009-0013",
        "trust": 0.8,
        "url": "http://www.vmware.com/security/advisories/vmsa-2009-0013.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002522"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-40727"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002522"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-3281"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://securitytracker.com/id?1022981"
      },
      {
        "trust": 2.5,
        "url": "http://secunia.com/advisories/36928"
      },
      {
        "trust": 2.5,
        "url": "http://www.vupen.com/english/advisories/2009/2811"
      },
      {
        "trust": 2.1,
        "url": "http://lists.vmware.com/pipermail/security-announce/2009/000066.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.vmware.com/security/advisories/vmsa-2009-0013.html"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3281"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-3281"
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/506893"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/506891"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/36928/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/business_solutions/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3282"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3282"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/security"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3281"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/1055"
      },
      {
        "trust": 0.1,
        "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos_vi.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos.html"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-40727"
      },
      {
        "db": "BID",
        "id": "36578"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002522"
      },
      {
        "db": "PACKETSTORM",
        "id": "81792"
      },
      {
        "db": "PACKETSTORM",
        "id": "81777"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-3281"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200910-242"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-40727"
      },
      {
        "db": "BID",
        "id": "36578"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002522"
      },
      {
        "db": "PACKETSTORM",
        "id": "81792"
      },
      {
        "db": "PACKETSTORM",
        "id": "81777"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-3281"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200910-242"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-10-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-40727"
      },
      {
        "date": "2009-10-01T00:00:00",
        "db": "BID",
        "id": "36578"
      },
      {
        "date": "2010-03-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-002522"
      },
      {
        "date": "2009-10-05T14:37:34",
        "db": "PACKETSTORM",
        "id": "81792"
      },
      {
        "date": "2009-10-02T17:18:03",
        "db": "PACKETSTORM",
        "id": "81777"
      },
      {
        "date": "2009-10-16T16:30:00.670000",
        "db": "NVD",
        "id": "CVE-2009-3281"
      },
      {
        "date": "2009-10-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200910-242"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-10-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-40727"
      },
      {
        "date": "2009-10-02T19:40:00",
        "db": "BID",
        "id": "36578"
      },
      {
        "date": "2010-03-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-002522"
      },
      {
        "date": "2009-10-19T04:00:00",
        "db": "NVD",
        "id": "CVE-2009-3281"
      },
      {
        "date": "2009-10-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200910-242"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "36578"
      },
      {
        "db": "PACKETSTORM",
        "id": "81792"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200910-242"
      }
    ],
    "trust": 1.0
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "VMware Fusion of  vmx86 Elevation of privilege vulnerability in Kernel Extensions",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002522"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200910-242"
      }
    ],
    "trust": 0.6
  }
}

