ID CVE-2009-0908
Summary Unspecified vulnerability in the ACE shared folders implementation in the VMware Host Guest File System (HGFS) shared folders feature in VMware ACE 2.5.1 and earlier allows attackers to enable a disabled shared folder.
References
Vulnerable Configurations
  • cpe:2.3:a:vmware:ace:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:ace:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:ace:1.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:ace:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:ace:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:ace:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:ace:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:ace:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:ace:1.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:ace:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:ace:1.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:ace:1.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:ace:1.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:ace:1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:ace:1.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:ace:1.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:ace:1.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:ace:1.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:ace:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:ace:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:ace:2.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:ace:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:ace:2.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:ace:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:ace:2.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:ace:2.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:ace:2.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:ace:2.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:ace:2.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:ace:2.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:ace:2.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:ace:2.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:ace:-:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:ace:-:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:ace:1.0.3_build_54075:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:ace:1.0.3_build_54075:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:ace:2.0.1_build_55017:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:ace:2.0.1_build_55017:*:*:*:*:*:*:*
CVSS
Base: 6.4 (as of 29-09-2017 - 01:34)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:N
oval via4
accepted 2009-11-09T04:00:52.898-05:00
class vulnerability
contributors
name Michael Wood
organization Hewlett-Packard
definition_extensions
  • comment VMWare ESX Server 3.0.3 is installed
    oval oval:org.mitre.oval:def:6026
  • comment VMWare ESX Server 3.0.2 is installed
    oval oval:org.mitre.oval:def:5613
  • comment VMware ESX Server 3.5.0 is installed
    oval oval:org.mitre.oval:def:5887
description Unspecified vulnerability in the ACE shared folders implementation in the VMware Host Guest File System (HGFS) shared folders feature in VMware ACE 2.5.1 and earlier allows attackers to enable a disabled shared folder.
family unix
id oval:org.mitre.oval:def:6399
status accepted
submitted 2009-09-23T15:39:02.000-04:00
title VMware Host Guest File System Bug Lets Local Users Enable Certain Shared Folders
version 4
refmap via4
bid 34373
confirm http://www.vmware.com/security/advisories/VMSA-2009-0005.html
fulldisc 20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues
mlist [security-announce] 20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues
sectrack 1021975
vupen ADV-2009-0944
Last major update 29-09-2017 - 01:34
Published 06-04-2009 - 15:30
Last modified 29-09-2017 - 01:34
Back to Top