CVE-2009-3733

Directory traversal vulnerability in VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138 on Linux, VMware ESXi 3.5, and VMware ESX 3.0.3 and 3.5 allows remote attackers to read arbitrary files via unspecified vectors.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://lists.vmware.com/pipermail/security-announce/2009/000069.html	Patch Vendor Advisory
http://secunia.com/advisories/37186	Broken Link
http://security.gentoo.org/glsa/glsa-201209-25.xml	Third Party Advisory
http://securitytracker.com/id?1023088	Third Party Advisory VDB Entry
http://securitytracker.com/id?1023089	Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/507523/100/0/threaded	Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/36842	Third Party Advisory VDB Entry
http://www.vmware.com/security/advisories/VMSA-2009-0015.html	Patch Vendor Advisory
http://www.vupen.com/english/advisories/2009/3062	Patch Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7822	Third Party Advisory
http://lists.vmware.com/pipermail/security-announce/2009/000069.html	Patch Vendor Advisory
http://secunia.com/advisories/37186	Broken Link
http://security.gentoo.org/glsa/glsa-201209-25.xml	Third Party Advisory
http://securitytracker.com/id?1023088	Third Party Advisory VDB Entry
http://securitytracker.com/id?1023089	Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/507523/100/0/threaded	Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/36842	Third Party Advisory VDB Entry
http://www.vmware.com/security/advisories/VMSA-2009-0015.html	Patch Vendor Advisory
http://www.vupen.com/english/advisories/2009/3062	Patch Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7822	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:vmware:esx:3.0.3:::::::*
	cpe:2.3:a:vmware:esx:3.5:::::::*
	cpe:2.3:a:vmware:esxi:3.5:::::::*
	cpe:2.3:a:vmware:server:1.0:::::::*
	cpe:2.3:a:vmware:server:1.0.1:::::::*
	cpe:2.3:a:vmware:server:1.0.1_build_29996:::::::*
	cpe:2.3:a:vmware:server:1.0.2:::::::*
	cpe:2.3:a:vmware:server:1.0.3:::::::*
	cpe:2.3:a:vmware:server:1.0.4:::::::*
	cpe:2.3:a:vmware:server:1.0.4_build_56528:::::::*
	cpe:2.3:a:vmware:server:1.0.5:::::::*
	cpe:2.3:a:vmware:server:1.0.6:::::::*
	cpe:2.3:a:vmware:server:1.0.7:::::::*
	cpe:2.3:a:vmware:server:1.0.8:::::::*
	cpe:2.3:a:vmware:server:1.0.9:::::::*

Configuration 2 (hide)

AND

OR	cpe:2.3:a:vmware:server:2.0.0:::::::*
	cpe:2.3:a:vmware:server:2.0.1:::::::*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

History

21 Nov 2024, 01:08

Type	Values Removed	Values Added
References	~~() http://lists.vmware.com/pipermail/security-announce/2009/000069.html - Patch, Vendor Advisory~~	() http://lists.vmware.com/pipermail/security-announce/2009/000069.html - Patch, Vendor Advisory
References	~~() http://secunia.com/advisories/37186 - Broken Link~~	() http://secunia.com/advisories/37186 - Broken Link
References	~~() http://security.gentoo.org/glsa/glsa-201209-25.xml - Third Party Advisory~~	() http://security.gentoo.org/glsa/glsa-201209-25.xml - Third Party Advisory
References	~~() http://securitytracker.com/id?1023088 - Third Party Advisory, VDB Entry~~	() http://securitytracker.com/id?1023088 - Third Party Advisory, VDB Entry
References	~~() http://securitytracker.com/id?1023089 - Third Party Advisory, VDB Entry~~	() http://securitytracker.com/id?1023089 - Third Party Advisory, VDB Entry
References	~~() http://www.securityfocus.com/archive/1/507523/100/0/threaded - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/archive/1/507523/100/0/threaded - Third Party Advisory, VDB Entry
References	~~() http://www.securityfocus.com/bid/36842 - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/36842 - Third Party Advisory, VDB Entry
References	~~() http://www.vmware.com/security/advisories/VMSA-2009-0015.html - Patch, Vendor Advisory~~	() http://www.vmware.com/security/advisories/VMSA-2009-0015.html - Patch, Vendor Advisory
References	~~() http://www.vupen.com/english/advisories/2009/3062 - Patch, Vendor Advisory~~	() http://www.vupen.com/english/advisories/2009/3062 - Patch, Vendor Advisory
References	~~() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7822 - Third Party Advisory~~	() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7822 - Third Party Advisory

17 May 2024, 17:27

Type	Values Removed	Values Added
First Time		Linux linux Kernel
CPE	cpe:2.3:o:linux:linux::::::::	cpe:2.3:o:linux:linux_kernel:-:::::::*
References	~~() http://secunia.com/advisories/37186 - Vendor Advisory~~	() http://secunia.com/advisories/37186 - Broken Link
References	~~() http://security.gentoo.org/glsa/glsa-201209-25.xml -~~	() http://security.gentoo.org/glsa/glsa-201209-25.xml - Third Party Advisory
References	~~() http://securitytracker.com/id?1023088 -~~	() http://securitytracker.com/id?1023088 - Third Party Advisory, VDB Entry
References	~~() http://securitytracker.com/id?1023089 -~~	() http://securitytracker.com/id?1023089 - Third Party Advisory, VDB Entry
References	~~() http://www.securityfocus.com/archive/1/507523/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/507523/100/0/threaded - Third Party Advisory, VDB Entry
References	~~() http://www.securityfocus.com/bid/36842 -~~	() http://www.securityfocus.com/bid/36842 - Third Party Advisory, VDB Entry
References	~~() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7822 -~~	() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7822 - Third Party Advisory

Information

Published : 2009-11-02 15:30

Updated : 2024-11-21 01:08

NVD link : CVE-2009-3733

Mitre link : CVE-2009-3733

CVE.ORG link : CVE-2009-3733

JSON object : View

Products Affected

vmware

esxi
server
esx

linux

linux_kernel

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

5.0 /10