CVE-2009-3282 - Integer overflow in the vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 allows hos

CVE-2009-3282

Summary

Integer overflow in the vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 allows host OS users to cause a denial of service to the host OS via unspecified vectors. Per: http://lists.vmware.com/pipermail/security-announce/2009/000066.html Solution Please review the patch/release notes for your product and version and verify the md5sum and/or the sha1sum of your downloaded file. VMware Fusion 2.0.6 (for Intel-based Macs): Download including VMware Fusion and a 12 month complimentary subscription to McAfee VirusScan Plus 2009 md5sum: d35490aa8caa92e21339c95c77314b2f sha1sum: 9c41985d754ac718032a47af8a3f98ea28fddb26 VMware Fusion 2.0.6 (for Intel-based Macs): Download including only VMware Fusion software md5sum: 2e8d39defdffed224c4bab4218cc6659 sha1sum: 453d54a2f37b257a0aad17c95843305250c7b6ef

References

Vulnerable Configurations

cpe:2.3:a:vmware:fusion:1.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:1.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:1.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:1.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:2.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:2.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:-:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:-:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

CVSS

Base:	7.8 (as of 20-10-2009 - 04:00)
Impact:
Exploitability:

CWE

CWE-189

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:C

refmap via4

confirm	http://www.vmware.com/security/advisories/VMSA-2009-0013.html
mlist	[security-announce] 20091001 VMSA-2009-0013 VMware Fusion resolves two security issues
sectrack	1022981
secunia	36928
vupen	ADV-2009-2811

Last major update

20-10-2009 - 04:00

Published

16-10-2009 - 16:30

Last modified

20-10-2009 - 04:00