Vulnerability CVE-2009-3281 - CERT Civis.Net

Vulnerability Name:

CVE-2009-3281 (CCN-53616)

Assigned:

2009-10-01

Published:

2009-10-01

Updated:

2009-10-19

Summary:

The vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 does not use correct file permissions, which allows host OS users to gain privileges on the host OS via unspecified vectors.

CVSS v3 Severity:

9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

6.9 Medium (CCN CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)
5.1 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Gain Privileges

References:

Source: MITRE
Type: CNA
CVE-2009-3281

Source: CCN
Type: VMSA-2009-0013
VMware Fusion resolves two security issues

Source: MLIST
Type: Vendor Advisory
[security-announce] 20091001 VMSA-2009-0013 VMware Fusion resolves two security issues

Source: CCN
Type: SA36928
VMware Fusion Denial of Service and Privilege Escalation

Source: SECUNIA
Type: Vendor Advisory
36928

Source: CCN
Type: SECTRACK ID: 1022981
VMware Fusion vmx86 Kernel Extension Bugs Let Local Host OS Users Gain Elevated Privileges and Deny Service on the Host System

Source: SECTRACK
Type: UNKNOWN
1022981

Source: CCN
Type: OSVDB ID: 58475
VMware Fusion vmx86 Kernel Extension File Permission Error Arbitrary Code Execution

Source: CCN
Type: BID-36578
VMware Fusion Local Privilege Escalation Vulnerability

Source: CONFIRM
Type: Vendor Advisory
http://www.vmware.com/security/advisories/VMSA-2009-0013.html

Source: VUPEN
Type: Vendor Advisory
ADV-2009-2811

Source: XF
Type: UNKNOWN
fusion-vmx86-privilege-escalation(53616)

Vulnerable Configuration:

Configuration 1:

cpe:/a:vmware:fusion:1.0:*:*:*:*:*:*:*

OR cpe:/a:vmware:fusion:1.1:*:*:*:*:*:*:*

OR cpe:/a:vmware:fusion:1.1.1:*:*:*:*:*:*:*

OR cpe:/a:vmware:fusion:1.1.2:*:*:*:*:*:*:*

OR cpe:/a:vmware:fusion:1.1.3:*:*:*:*:*:*:*

OR cpe:/a:vmware:fusion:2.0:*:*:*:*:*:*:*

OR cpe:/a:vmware:fusion:2.0.1:*:*:*:*:*:*:*

OR cpe:/a:vmware:fusion:2.0.2:*:*:*:*:*:*:*

OR cpe:/a:vmware:fusion:2.0.3:*:*:*:*:*:*:*

OR cpe:/a:vmware:fusion:2.0.4:*:*:*:*:*:*:*

OR cpe:/a:vmware:fusion:*:*:*:*:*:*:*:* (Version <= 2.0.5)

AND

cpe:/o:apple:mac_os_x:*:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:vmware:fusion:2.0.3:*:*:*:*:*:*:*

OR cpe:/a:vmware:fusion:2.0:*:*:*:*:*:*:*

OR cpe:/a:vmware:fusion:2.0.5:*:*:*:*:*:*:*

OR cpe:/a:vmware:fusion:2.0.4:*:*:*:*:*:*:*

Denotes that component is vulnerable