VMware Fusion < 2.0.6 (VMSA-2009-0013)

This script is Copyright (C) 2009-2011 Tenable Network Security, Inc.

Synopsis :

The remote host has an application that is affected by two security

Description :

The version of VMware Fusion installed on the Mac OS X host is earlier
than 2.0.6. Such versions are affected by two security issues :

- A vulnerability in the vmx86 kernel extension allows
an unprivileged userland program to initialize
several function pointers via the '0x802E564A' IOCTL
code, which can lead to arbitrary code execution in
the kernel context. (CVE-2009-3281)

- An integer overflow in the vmx86 kernel extension allows
for a denial of service of the host by an unprivileged
local user. (CVE-2009-3282)

See also :


Solution :

Upgrade to VMware Fusion 2.0.6 or later.

Risk factor :

High / CVSS Base Score : 7.2
CVSS Temporal Score : 6.0
Public Exploit Available : true

Family: MacOS X Local Security Checks

Nessus Plugin ID: 41971 (macosx_fusion_2_0_6.nasl)

Bugtraq ID: 36578

CVE ID: CVE-2009-3281