ID CVE-2009-3282
Summary Integer overflow in the vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 allows host OS users to cause a denial of service to the host OS via unspecified vectors. Per: http://lists.vmware.com/pipermail/security-announce/2009/000066.html Solution Please review the patch/release notes for your product and version and verify the md5sum and/or the sha1sum of your downloaded file. VMware Fusion 2.0.6 (for Intel-based Macs): Download including VMware Fusion and a 12 month complimentary subscription to McAfee VirusScan Plus 2009 md5sum: d35490aa8caa92e21339c95c77314b2f sha1sum: 9c41985d754ac718032a47af8a3f98ea28fddb26 VMware Fusion 2.0.6 (for Intel-based Macs): Download including only VMware Fusion software md5sum: 2e8d39defdffed224c4bab4218cc6659 sha1sum: 453d54a2f37b257a0aad17c95843305250c7b6ef
References
Vulnerable Configurations
  • cpe:2.3:a:vmware:fusion:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:fusion:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:fusion:1.1:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:fusion:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:fusion:1.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:fusion:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:fusion:1.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:fusion:1.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:fusion:1.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:fusion:1.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:fusion:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:fusion:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:fusion:2.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:fusion:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:fusion:2.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:fusion:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:fusion:2.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:fusion:2.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:fusion:2.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:fusion:2.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:fusion:-:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:fusion:-:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
CVSS
Base: 7.8 (as of 20-10-2009 - 04:00)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:C
refmap via4
confirm http://www.vmware.com/security/advisories/VMSA-2009-0013.html
mlist [security-announce] 20091001 VMSA-2009-0013 VMware Fusion resolves two security issues
sectrack 1022981
secunia 36928
vupen ADV-2009-2811
Last major update 20-10-2009 - 04:00
Published 16-10-2009 - 16:30
Back to Top