VMware Fusion < 3.1.3 (VMSA-2011-0009 / VMSA-2011-0011)

High Nessus Plugin ID 54974


The remote host has a virtualization application affected by multiple vulnerabilities.


The version of VMware Fusion installed on the Mac OS X host is earlier than 3.1.3. As such, it is reportedly affected by the following three security vulnerabilities :

- An attacker with access to a Guest operating system can determine if a path exists in the Host filesystem and whether it's a file or a directory regardless of permissions. (CVE-2011-2146)

- A race condition in mount.vmhgfs may allow an attacker with access to a Guest to mount on arbitrary directories in the Guest filesystem and escalate their privileges if they can control the contents of the mounted directory.

- A procedural error allows an attacker with access to a Solaris or FreeBSD Guest operating system to gain write access to an arbitrary file in the Guest filesystem.

- A buffer overflow in the way UDF file systems are handled could allow for code execution if a specially crafted ISO image is used. (CVE-2011-3868)

Note that the first three vulnerabilities only affect non-Windows guest operating systems.


Upgrade to VMware Fusion 3.1.3 or later.

In addition to patching, VMware Tools must be updated on all non- Windows guest VMs in order to completely mitigate certain vulnerabilities. Refer to the VMware advisory for more information.

See Also





Plugin Details

Severity: High

ID: 54974

File Name: macosx_fusion_3_1_3.nasl

Version: $Revision: 1.10 $

Type: local

Agent: macosx

Published: 2011/06/06

Modified: 2013/02/01

Dependencies: 50828

Risk Information

Risk Factor: High


Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:vmware:fusion

Required KB Items: MacOSX/Fusion/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2011/06/02

Vulnerability Publication Date: 2011/06/02

Exploitable With

Core Impact

Reference Information

CVE: CVE-2011-1787, CVE-2011-2145, CVE-2011-2146, CVE-2011-3868

BID: 48098, 49942

OSVDB: 73240, 73241, 73242, 76060

VMSA: 2011-0009, 2011-0011