cvelistv5 - cve-2009-1244

CVE-2009-1244 (GCVE-0-2009-1244)

Vulnerability from cvelistv5

Published

2009-04-13 16:00

Modified

2024-08-07 05:04

Severity ?

CWE

Summary

Unspecified vulnerability in the virtual machine display function in VMware Workstation 6.5.1 and earlier; VMware Player 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745; VMware Fusion before 2.0.4 build 159196; VMware ESXi 3.5; and VMware ESX 3.0.2, 3.0.3, and 3.5 allows guest OS users to execute arbitrary code on the host OS via unknown vectors, a different vulnerability than CVE-2008-4916.

References

URL

Tags

	http://security.gentoo.org/glsa/glsa-201209-25.xml	vendor-advisory, x_refsource_GENTOO
	https://exchange.xforce.ibmcloud.com/vulnerabilities/49834	vdb-entry, x_refsource_XF
	http://www.securityfocus.com/bid/34471	vdb-entry, x_refsource_BID
	http://www.securitytracker.com/id?1022031	vdb-entry, x_refsource_SECTRACK
	http://osvdb.org/53634	vdb-entry, x_refsource_OSVDB
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6065	vdb-entry, signature, x_refsource_OVAL
	http://www.vmware.com/security/advisories/VMSA-2009-0006.html	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2009/0944	vdb-entry, x_refsource_VUPEN
	http://lists.vmware.com/pipermail/security-announce/2009/000055.html	mailing-list, x_refsource_MLIST
	http://www.securityfocus.com/archive/1/502615/100/0/threaded	mailing-list, x_refsource_BUGTRAQ

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:04:49.429Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201209-25",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
          },
          {
            "name": "vmware-virtualmachine-code-execution(49834)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49834"
          },
          {
            "name": "34471",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/34471"
          },
          {
            "name": "1022031",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1022031"
          },
          {
            "name": "53634",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/53634"
          },
          {
            "name": "oval:org.mitre.oval:def:6065",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6065"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2009-0006.html"
          },
          {
            "name": "ADV-2009-0944",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0944"
          },
          {
            "name": "[security-announce] 20090410 VMSA-2009-0006 VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.vmware.com/pipermail/security-announce/2009/000055.html"
          },
          {
            "name": "20090410 VMSA-2009-0006 VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/502615/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-04-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the virtual machine display function in VMware Workstation 6.5.1 and earlier; VMware Player 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745; VMware Fusion before 2.0.4 build 159196; VMware ESXi 3.5; and VMware ESX 3.0.2, 3.0.3, and 3.5 allows guest OS users to execute arbitrary code on the host OS via unknown vectors, a different vulnerability than CVE-2008-4916."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "GLSA-201209-25",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
        },
        {
          "name": "vmware-virtualmachine-code-execution(49834)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49834"
        },
        {
          "name": "34471",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/34471"
        },
        {
          "name": "1022031",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1022031"
        },
        {
          "name": "53634",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/53634"
        },
        {
          "name": "oval:org.mitre.oval:def:6065",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6065"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2009-0006.html"
        },
        {
          "name": "ADV-2009-0944",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0944"
        },
        {
          "name": "[security-announce] 20090410 VMSA-2009-0006 VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.vmware.com/pipermail/security-announce/2009/000055.html"
        },
        {
          "name": "20090410 VMSA-2009-0006 VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/502615/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-1244",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the virtual machine display function in VMware Workstation 6.5.1 and earlier; VMware Player 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745; VMware Fusion before 2.0.4 build 159196; VMware ESXi 3.5; and VMware ESX 3.0.2, 3.0.3, and 3.5 allows guest OS users to execute arbitrary code on the host OS via unknown vectors, a different vulnerability than CVE-2008-4916."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-201209-25",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
            },
            {
              "name": "vmware-virtualmachine-code-execution(49834)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49834"
            },
            {
              "name": "34471",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/34471"
            },
            {
              "name": "1022031",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1022031"
            },
            {
              "name": "53634",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/53634"
            },
            {
              "name": "oval:org.mitre.oval:def:6065",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6065"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2009-0006.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2009-0006.html"
            },
            {
              "name": "ADV-2009-0944",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/0944"
            },
            {
              "name": "[security-announce] 20090410 VMSA-2009-0006 VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability",
              "refsource": "MLIST",
              "url": "http://lists.vmware.com/pipermail/security-announce/2009/000055.html"
            },
            {
              "name": "20090410 VMSA-2009-0006 VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/502615/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-1244",
    "datePublished": "2009-04-13T16:00:00.000Z",
    "dateReserved": "2009-04-06T00:00:00.000Z",
    "dateUpdated": "2024-08-07T05:04:49.429Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2009-AVI-137

Vulnerability from certfr_avis

De nombreuses vulnérabilités ont été découvertes dans les produits VMware. L'exploitation de ces vulnérabilités permet de réaliser un grand nombre d'actions malveillantes, dont l'exécution de code arbitraire à distance.

Description

De nombreuses vulnérabilités ont été découvertes dans les produits VMware. Ces vulnérabilités permettent en particulier de réaliser de nombreuses actions malveillantes depuis une machine virtuelle vers une machine hôte.

Solution

Se référer au bulletin de sécurité VMSA-2009-0005 du 3 avril 2009 pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
VMware	N/A	VMware ESX 3.0.3 ne disposant pas de la mise à jour ESXe350-200811401-BG ;
VMware	N/A	VMware Player 2.5.1 et versions antérieures ;
VMware	N/A	VMware Server 1.0.8 et versions antérieures ;
VMware	N/A	VMware ESX 3.0.2 ne disposant pas de la mise à jour ESX-1006980.
VMware	N/A	VMware ACE 2.5.1 et versions antérieures ;
VMware	N/A	VMware Workstation 6.5.1 et versions antérieures ;
VMware	N/A	VMware Server 2.0 ;
VMware	ESXi	VMware ESXi 3.5 ne disposant pas des mises à jour ESXe350-200811401-SG et ESXe350-200903201-UG ;
VMware	ESXi	VMware ESXi 3.5 ne disposant pas des mises à jour ESXe350-200811401-O-SG et ESXe350-200903201-O-UG ;

References

Title

Publication Time

Tags

Bulletin de sécurité VMSA-2009-0005 du 3 avril 2009

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMware ESX 3.0.3 ne disposant pas de la mise \u00e0 jour ESXe350-200811401-BG ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Player 2.5.1 et versions ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Server 1.0.8 et versions ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX 3.0.2 ne disposant pas de la mise \u00e0 jour ESX-1006980.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ACE 2.5.1 et versions ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Workstation 6.5.1 et versions ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Server 2.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESXi 3.5 ne disposant pas des mises \u00e0 jour ESXe350-200811401-SG et ESXe350-200903201-UG ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESXi 3.5 ne disposant pas des mises \u00e0 jour ESXe350-200811401-O-SG et ESXe350-200903201-O-UG ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe nombreuses vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nVMware. Ces vuln\u00e9rabilit\u00e9s permettent en particulier de r\u00e9aliser de\nnombreuses actions malveillantes depuis une machine virtuelle vers une\nmachine h\u00f4te.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 VMSA-2009-0005 du 3 avril 2009 pour\nl\u0027obtention des correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-1146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1146"
    },
    {
      "name": "CVE-2008-4916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4916"
    },
    {
      "name": "CVE-2008-3761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3761"
    },
    {
      "name": "CVE-2009-0910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0910"
    },
    {
      "name": "CVE-2009-0909",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0909"
    },
    {
      "name": "CVE-2009-1244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1244"
    },
    {
      "name": "CVE-2009-0908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0908"
    },
    {
      "name": "CVE-2009-1147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1147"
    },
    {
      "name": "CVE-2009-0518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0518"
    },
    {
      "name": "CVE-2009-0177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0177"
    }
  ],
  "initial_release_date": "2009-04-14T00:00:00",
  "last_revision_date": "2009-04-14T00:00:00",
  "links": [],
  "reference": "CERTA-2009-AVI-137",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-04-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De nombreuses vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nVMware. L\u0027exploitation de ces vuln\u00e9rabilit\u00e9s permet de r\u00e9aliser un grand\nnombre d\u0027actions malveillantes, dont l\u0027ex\u00e9cution de code arbitraire \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s des produits VMWare",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMSA-2009-0005 du 3 avril 2009",
      "url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2009-1244 (GCVE-0-2009-1244)

Vulnerability from cvelistv5

CERTA-2009-AVI-137

Vulnerability from certfr_avis

Description

Solution

Tags

Sightings

Nomenclature