How to Buy
This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.
The remote host has a virtualization application affected by multiple
The version of VMware Fusion installed on the Mac OS X host is
earlier than 3.1.3. As such, it is reportedly affected by the
following three security vulnerabilities :
- An attacker with access to a Guest operating system can
determine if a path exists in the Host filesystem and
whether it's a file or a directory regardless of
- A race condition in mount.vmhgfs may allow an attacker
with access to a Guest to mount on arbitrary directories
in the Guest filesystem and escalate their privileges if
they can control the contents of the mounted directory.
- A procedural error allows an attacker with access to a
Solaris or FreeBSD Guest operating system to gain write
access to an arbitrary file in the Guest filesystem.
- A buffer overflow in the way UDF file systems are
handled could allow for code execution if a specially
crafted ISO image is used. (CVE-2011-3868)
Note that the first three vulnerabilities only affect non-Windows
guest operating systems.
See also :
Upgrade to VMware Fusion 3.1.3 or later.
In addition to patching, VMware Tools must be updated on all non-
Windows guest VMs in order to completely mitigate certain
vulnerabilities. Refer to the VMware advisory for more information.
Risk factor :
High / CVSS Base Score : 7.2
CVSS Temporal Score : 5.6
Public Exploit Available : true
Family: MacOS X Local Security Checks
Nessus Plugin ID: 54974 ()
Bugtraq ID: 4809849942
CVE ID: CVE-2011-1787CVE-2011-2145CVE-2011-2146CVE-2011-3868
Upgrade to Nessus Professional today!
Start your free Nessus Cloud trial now!
Begin Free Trial
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.