VMware Fusion < 2.0.6 (VMSA-2009-0013)

This script is Copyright (C) 2009-2011 Tenable Network Security, Inc.

Synopsis :

The remote host has an application that is affected by two security

Description :

The version of VMware Fusion installed on the Mac OS X host is earlier
than 2.0.6. Such versions are affected by two security issues :

- A vulnerability in the vmx86 kernel extension allows
an unprivileged userland program to initialize
several function pointers via the '0x802E564A' IOCTL
code, which can lead to arbitrary code execution in
the kernel context. (CVE-2009-3281)

- An integer overflow in the vmx86 kernel extension allows
for a denial of service of the host by an unprivileged
local user. (CVE-2009-3282)

See also :


Solution :

Upgrade to VMware Fusion 2.0.6 or later.

Risk factor :

High / CVSS Base Score : 7.2
CVSS Temporal Score : 6.0
Public Exploit Available : true

Family: MacOS X Local Security Checks

Nessus Plugin ID: 41971 (macosx_fusion_2_0_6.nasl)

Bugtraq ID: 36578

CVE ID: CVE-2009-3281

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial