Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2009-3733

Directory traversal vulnerability in VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138 on Linux, VMware ESXi 3.5, and VMware ESX 3.0.3 and 3.5 allows remote attackers to read arbitrary files via unspecified vectors.

Published

2009-11-02T15:30:00.813

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-22

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	vmware	esx	3.0.3	Yes
Application	vmware	esx	3.5	Yes
Application	vmware	esxi	3.5	Yes
Application	vmware	server	1.0	Yes
Application	vmware	server	1.0.1	Yes
Application	vmware	server	1.0.1_build_29996	Yes
Application	vmware	server	1.0.2	Yes
Application	vmware	server	1.0.3	Yes
Application	vmware	server	1.0.4	Yes
Application	vmware	server	1.0.4_build_56528	Yes
Application	vmware	server	1.0.5	Yes
Application	vmware	server	1.0.6	Yes
Application	vmware	server	1.0.7	Yes
Application	vmware	server	1.0.8	Yes
Application	vmware	server	1.0.9	Yes
Application	vmware	server	2.0.0	Yes
Application	vmware	server	2.0.1	Yes
Operating System	linux	linux_kernel	-	No

References

http://lists.vmware.com/pipermail/security-announce/2009/000069.html Patch, Vendor Advisory ([email protected])
http://secunia.com/advisories/37186 Broken Link ([email protected])
http://security.gentoo.org/glsa/glsa-201209-25.xml Third Party Advisory ([email protected])
http://securitytracker.com/id?1023088 Third Party Advisory, VDB Entry ([email protected])
http://securitytracker.com/id?1023089 Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/archive/1/507523/100/0/threaded Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/bid/36842 Third Party Advisory, VDB Entry ([email protected])
http://www.vmware.com/security/advisories/VMSA-2009-0015.html Patch, Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2009/3062 Patch, Vendor Advisory ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7822 Third Party Advisory ([email protected])
http://lists.vmware.com/pipermail/security-announce/2009/000069.html Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/37186 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://security.gentoo.org/glsa/glsa-201209-25.xml Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1023088 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1023089 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/507523/100/0/threaded Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/36842 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.vmware.com/security/advisories/VMSA-2009-0015.html Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2009/3062 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7822 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)