{ "id": "CVE-2009-3281", "sourceIdentifier": "cve@mitre.org", "published": "2009-10-16T16:30:00.670", "lastModified": "2009-10-19T04:00:00.000", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 does not use correct file permissions, which allows host OS users to gain privileges on the host OS via unspecified vectors." }, { "lang": "es", "value": "La extensi\u00f3n del n\u00facleo vmx86 en VMware Fusion v2.0.6 anterior a build 196839 no utiliza los permisos de archivo correctos, lo cual permite a los usuarios del sistema operativo anfitrion obtener privilegios en el sistema operativo anfitri\u00f3n a trav\u00e9s de vectores no especificados." } ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 7.2 }, "baseSeverity": "HIGH", "exploitabilityScore": 3.9, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-264" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*", "versionEndIncluding": "2.0.5", "matchCriteriaId": "A8A8DAA7-1031-4F9A-8E53-9F675EF193A6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:vmware:fusion:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "942B4ED3-A68E-4106-A98B-FA7CD3505140" }, { "vulnerable": true, "criteria": "cpe:2.3:a:vmware:fusion:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3DD1338C-8FC1-40A1-BAE8-B11F4354A0CE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:vmware:fusion:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "AC862199-8AA7-4E5E-BA2B-DF5FC9A056BD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:vmware:fusion:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "1BDA2CE1-E26E-4347-BD60-2764A19F5E94" }, { "vulnerable": true, "criteria": "cpe:2.3:a:vmware:fusion:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "2B503A45-D9F3-414D-9BFA-C58B1E81A39E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:vmware:fusion:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8E18541B-36B6-40A7-9749-FA47A10379C8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:vmware:fusion:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "55EBD95F-3DF7-49F3-A7AA-47085E0B7C88" }, { "vulnerable": true, "criteria": "cpe:2.3:a:vmware:fusion:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "A6DA47C9-3D1A-49A7-8976-AE05D6730673" }, { "vulnerable": true, "criteria": "cpe:2.3:a:vmware:fusion:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "692CC131-5C6C-4AD6-B85C-07DF21168BC8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:vmware:fusion:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "617EFBFF-D047-4A0B-ACB6-83B27710F6F8" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574" } ] } ] } ], "references": [ { "url": "http://lists.vmware.com/pipermail/security-announce/2009/000066.html", "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ] }, { "url": "http://securitytracker.com/id?1022981", "source": "cve@mitre.org" }, { "url": "http://www.vmware.com/security/advisories/VMSA-2009-0013.html", "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ] }, { "url": "http://www.vupen.com/english/advisories/2009/2811", "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ] } ] }