Published: 16/10/2009 Updated: 19/10/2009

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

VMScore: 725

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

The vmx86 kernel extension in VMware Fusion prior to 2.0.6 build 196839 does not use correct file permissions, which allows host OS users to gain privileges on the host OS via unspecified vectors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
vmware fusion 1.1.2
vmware fusion 1.1.1
vmware fusion 1.1
vmware fusion 1.0
vmware fusion 2.0.3
vmware fusion 2.0.1
vmware fusion 1.1.3
vmware fusion 2.0.4
vmware fusion
vmware fusion 2.0.2
vmware fusion 2.0

/* vmware-fissionc * * Copyright (c) 2009 by <mu-b@digit-labsorg> * * VMware Fusion <= 205 vmx86 kext local kernel root exploit * by mu-b - Tue 23 June 2009 * * - Tested on: VMware Fusion 204 (105x) * VMware Fusion 205 (105x) * * seclistsorg/fulldisclosure/2009/Oct/29 * listsvmwarecom/pi ...

CWE-264 http://lists.vmware.com/pipermail/security-announce/2009/000066.html http://secunia.com/advisories/36928 http://securitytracker.com/id?1022981 http://www.vupen.com/english/advisories/2009/2811 http://www.vmware.com/security/advisories/VMSA-2009-0013.html https://nvd.nist.gov https://www.exploit-db.com/exploits/10076/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2009-3281

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect