CVSS: 5.0EPSS: 95%CPEs: 18EXPL: 1CVE-2009-3733 – VMware Server 2.0.1 / ESXi Server 3.5 - Directory Traversal
https://notcve.org/view.php?id=CVE-2009-3733
Directory traversal vulnerability in VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138 on Linux, VMware ESXi 3.5, and VMware ESX 3.0.3 and 3.5 allows remote attackers to read arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en VMware Server v1.x anteriores a v1.0.10 build 203137 y v2.x anteriores a v2.0.2 build 203138 en Linux, VMware ESXi v3.5 y VMware ESX v3.0.3 y v3.5 permite a atacantes remotos leer ficheros de su elección a través de vectores de ataque sin especificar. • https://www.exploit-db.com/exploits/33310 http://lists.vmware.com/pipermail/security-announce/2009/000069.html http://secunia.com/advisories/37186 http://security.gentoo.org/glsa/glsa-201209-25.xml http://securitytracker.com/id?1023088 http://securitytracker.com/id?1023089 http://www.securityfocus.com/archive/1/507523/100/0/threaded http://www.securityfocus.com/bid/36842 http://www.vmware.com/security/advisories/VMSA-2009-0015.html http://www.vupen.com/english/advisories/2009&# • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.9EPSS: 0%CPEs: 34EXPL: 2CVE-2009-2267 – VMware Virtual 8086 - Linux Local Ring0
https://notcve.org/view.php?id=CVE-2009-2267
VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, VMware ACE 2.5.x before 2.5.3 build 185404, VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138, VMware Fusion 2.x before 2.0.6 build 196839, VMware ESXi 3.5 and 4.0, and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0, when Virtual-8086 mode is used, do not properly set the exception code upon a page fault (aka #PF) exception, which allows guest OS users to gain privileges on the guest OS by specifying a crafted value for the cs register. VMware Workstation v6.5.x anteriores a v6.5.3 build 185404, VMware Player v2.5.x anteriores a v2.5.3 build 185404, VMware ACE v2.5.x anteriores a v2.5.3 build 185404, VMware Server v1.x anteriores a v1.0.10 build 203137 and v2.x anteriores a v2.0.2 build 203138, VMware Fusion v2.x anteriores a v2.0.6 build 196839, VMware ESXi v3.5 y v4.0, y VMware ESX v2.5.5, v3.0.3, v3.5 y v4.0, cuando el modo Virtual-8086 es usado, no asigna adecuadamente el código de excepción para una excepción de fallo de página (también conocido como #PF), lo que permite a usuarios del SO anfitrión obtener privilegios en el SO anfitrión especificando un valor modificado para el registro cs. • https://www.exploit-db.com/exploits/10207 http://lists.vmware.com/pipermail/security-announce/2009/000069.html http://secunia.com/advisories/37172 http://security.gentoo.org/glsa/glsa-201209-25.xml http://securitytracker.com/id?1023082 http://securitytracker.com/id?1023083 http://www.securityfocus.com/archive/1/507523/100/0/threaded http://www.securityfocus.com/archive/1/507539/100/0/threaded http://www.securityfocus.com/bid/36841 http://www.vmware.com/security/advisories/VM •
CVSS: 5.0EPSS: 47%CPEs: 24EXPL: 2CVE-2009-3707 – VMware Player / VMware Workstation 6.5.3 - 'VMware-authd' Remote Denial of Service
https://notcve.org/view.php?id=CVE-2009-3707
VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \x25\xFF sequence in the USER and PASS commands, related to a "format string DoS" issue. NOTE: some of these details are obtained from third party information. VMware Authentication Daemon versión 1.0 en el archivo vmware-authd.exe en el Servicio de Autorización de VMware en VMware Workstation versiones 7.0 anteriores a 7.0.1 build 227600 y versiones 6.5.x anteriores a 6.5.4 build 246459, VMware Player versiones 3.0 anteriores a 3.0.1 build 227600 y versiones 2.5.x anteriores a 2.5.4 build 246459, VMware ACE versiones 2.6 anteriores a 2.6.1 build 227600 y versiones 2.5.x anteriores a 2.5.4 build 246459, y VMware Server versiones 2.x, permite a los atacantes remotos causar una denegación de servicio (bloqueo del proceso) por medio de una secuencia de \x25\xFF en los comandos USER y PASS, relacionada con un problema de "format string DoS". NOTA: algunos de estos datos fueron obtenidos de la información de terceros. • https://www.exploit-db.com/exploits/33271 http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html http://lists.vmware.com/pipermail/security-announce/2010/000090.html http://secunia.com/advisories/36988 http://secunia.com/advisories/39206 http://secunia.com/advisories/39215 http://security.gentoo.org/glsa/glsa-201209-25.xml http://securitytracker.com/id?1022997 http://www.securityfocus.com/bid/36630 htt • CWE-134: Use of Externally-Controlled Format String •
CVSS: 6.2EPSS: 96%CPEs: 22EXPL: 0CVE-2009-1072 – kernel: nfsd should drop CAP_MKNOD for non-root
https://notcve.org/view.php?id=CVE-2009-1072
nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option. nfsd en el Kernel de Linux anteriores a la v2.6.28.9 no detiene la capacidad de CAP_MKNOD antes del manejo de una petición de usuario en un hilo, lo que permite a usuarios locales crear nodos de dispositivo, como se ha demostrado en un sistema de ficheros que ha sido exportado con la opción root_squash. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=76a67ec6fb79ff3570dcb5342142c16098299911 http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html http://secunia.com/advisories/34422 http://secunia.com/advisories/34432 http://sec • CWE-16: Configuration •
CVSS: 7.1EPSS: 1%CPEs: 358EXPL: 1CVE-2009-0778 – kernel: rt_cache leak leads to lack of network connectivity
https://notcve.org/view.php?id=CVE-2009-0778
The icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does not properly manage the Protocol Independent Destination Cache (aka DST) in some situations involving transmission of an ICMP Host Unreachable message, which allows remote attackers to cause a denial of service (connectivity outage) by sending a large series of packets to many destination IP addresses within this REJECT route, related to an "rt_cache leak." La función icmp_send en net/ipv4/icmp.c en el kernel Linux anerior a v2.6.25, cuando se configura como un router con una ruta RECHAZADA, no gestiona apropiadamente el Protocolo Independiente de Caché de Destino (alias DST) en alguna situación que involucra transmisión de un mensaje ICMP Host inalcanzable, el cual permite a los atacantes remotos causar una denegación de servicio (conectividad parada) enviando una larga serie de paquetes a muchos direcciones IP de destino con esta ruta RECHAZADA, RELATIVA a "rt_cache leak." • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7c0ecc4c4f8fd90988aab8a95297b9c0038b6160 http://openwall.com/lists/oss-security/2009/03/11/2 http://secunia.com/advisories/33758 http://secunia.com/advisories/37471 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25 http://www.redhat.com/support/errata/RHSA-2009-0326.html http://www.securityfocus.com/archive/1/507985/100/0/threaded http://www.securityfocus.com/bid/34084 http:/&#x • CWE-400: Uncontrolled Resource Consumption •