CVE-2009-3732

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

SecuriTeam™
Beyond Security®

SecuriTeam™ Home
Ask the Team
Mailing Lists
Advertising Info
Blogs

	SecuriTeam™ in Your Inbox

	E-mail this CVE-2009-3732 to a friend

New vulnerability?
New tool?
Tell us

Credit:
The information has been provided by Johann MacDonagh.
The original article can be found at: http://www.securityfocus.com/bid/39395

Website Security Scan	Code Vulnerability Test	Network Assessment Tool
Detect hidden vulnerabilities	Exhaustive automated testing	Real-time, continuous security
Get guidance from professionals	of internal or 3rd party code.	scanning for your entire network

Check for CVE-2009-3732

Vulnerability Assessment and Management.
Automated Pen Testing for 50 to 50,000 nodes
beyondsecurity.com/vulnerability-scanner

Vulnerable Systems:
* VMWare Workstation for Linux 6.5
* VMWare Workstation for Linux 0
* VMWare Workstation 6.5.3
* VMWare Workstation 6.5.2
* VMWare Workstation 6.5.1
* VMWare Workstation 6.5 build 118166
* VMWare Workstation 7.0
* VMWare Workstation 6.5.3 build 185404
* VMWare Workstation 6.5.2 build 156735
* VMWare Server 2.0.2 Build 203138
* VMWare Server 2.0.2
* VMWare Server 2.0.1 build 156745
* VMWare Server 2.0.1
* VMWare Server 2.0
* VMWare Player for Linux 2.5
* VMWare Player for Linux 0
* VMWare Player 2.5.4
* VMWare Player 2.5.3
* VMWare Player 2.5.2 build 156735
* VMWare Player 2.5.2
* VMWare Player 2.5.1
* VMWare Player 2.5 build 118166
* VMWare Player 3.0
* VMWare Player 2.5.3 build 185404
* VMWare Fusion 2.0.6 Build 196839
* VMWare Fusion 2.0.6
* VMWare Fusion 2.0.5
* VMWare Fusion 2.0.4
* VMWare Fusion 2.0.3
* VMWare Fusion 2.0.2 build 147997
* VMWare Fusion 3.0
* VMWare Fusion 2
* VMWare ACE 2.5.3 Build 185404
* VMWare ACE 2.5.2 build 156735
* VMWare ACE 2.5.2
* VMWare ACE 2.5.1
* VMWare ACE 2.5 build 118166
* VMWare ACE 2.6

Immune Systems:
* VMWare Workstation for Linux 6.5.4 build 246459
* VMWare Workstation 7.0.1 build 227600
* VMWare Workstation 6.5.4 build 246459
* VMWare Player for Linux 2.5.4 build 246459
* VMWare Player 3.0.1 build 227600
* VMWare Player 2.5.4 build 246459
* VMWare Fusion 3.0.1 Build 232708
* VMWare Fusion 2.0.7 Build 246742
* VMWare ACE 2.6.1 build 227600
* VMWare ACE 2.5.4 build 246459

An attacker can exploit this vulnerability to disclose memory from the host's 'vmware-vmx' process to a guest operating system or potentially the network. This can allow the attackers to harvest potentially sensitive information that can aid in further attacks.

Vendor Status:
VMware had issued an update for this vulnerability

Patch Availability:
http://www.vmware.com/security/advisories/VMSA-2010-0007.html

CVE Information:
CVE-2009-3732

Disclosure Timeline:
Issue date: 2010-04-09
Updated on: 2010-04-12

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus