Directory traversal vulnerability in VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138 on Linux, VMware ESXi 3.5, and VMware ESX 3.0.3 and 3.5 allows remote attackers to read arbitrary files via unspecified vectors.

The remote host is affected by the vulnerability described in GLSA-201209-25 (VMware Player, Server, Workstation: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in VMware Player, Server,       and Workstation. Please review the CVE identifiers referenced below for       details.
  Impact :

    Local users may be able to gain escalated privileges, cause a Denial of       Service, or gain sensitive information.
    A remote attacker could entice a user to open a specially crafted file,       possibly resulting in the remote execution of arbitrary code, or a Denial       of Service. Remote attackers also may be able to spoof DNS traffic, read       arbitrary files, or inject arbitrary web script to the VMware Server       Console.
    Furthermore, guest OS users may be able to execute arbitrary code on the       host OS, gain escalated privileges on the guest OS, or cause a Denial of       Service (crash the host OS).
  Workaround :

    There is no known workaround at this time.

The version of VMware Host Agent (hostd) running on the remote host has a directory traversal vulnerability.  The affected service runs as root.  VMware ESX, VMware ESXi, and VMware Server on Linux are affected.

A remote attacker could exploit this to read arbitrary files, including guest VMs, from the system.

a. Mishandled exception on page faults

   An improper setting of the exception code on page faults may allow    for local privilege escalation on the guest operating system. This    vulnerability does not affect the host system.

   VMware would like to thank Tavis Ormandy and Julien Tinnes of the    Google Security Team for reporting this issue to us.

   The Common Vulnerabilities and Exposures project (cve.mitre.org)    has assigned the name CVE-2009-2267 to this issue.

b. Directory Traversal vulnerability

   A directory traversal vulnerability allows for remote retrieval of    any file from the host system. In order to send a malicious request,    the attacker will need to have access to the network on which the    host resides.

   VMware would like to thank Justin Morehouse and Jason Kratzer for    independently reporting this issue to us.

   The Common Vulnerabilities and Exposures project (cve.mitre.org)    has assigned the name CVE-2009-3733 to this issue.

ID	Name	Product	Family	Severity
62383	GLSA-201209-25 : VMware Player, Server, Workstation: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	medium
44646	VMware Host Agent Directory Traversal (VMSA-2009-0015)	Nessus	CGI abuses	medium
42289	VMSA-2009-0015 : VMware hosted products and ESX patches resolve two security issues	Nessus	VMware ESX Local Security Checks	medium

Detections

Analytics

CVE-2009-3733

high

Tenable Plugins

medium

medium

medium