[email protected]CVE-2008-3761

HistoryAug 21, 2008 - 5:41 p.m.

CVE-2008-3761

2008-08-2117:41:00

CWE-20

[email protected]

web.nvd.nist.gov

vmware

vulnerability

hcmon.sys

denial of service

ioctl

nvd

method_neither

5.9 Medium

AI Score

Confidence

Low

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

0.0004 Low

EPSS

Percentile

9.3%

JSON

hcmon.sys in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 1.0.x before 1.0.9 build 156507 and 2.0.x before 2.0.1 build 156745 uses the METHOD_NEITHER communication method for IOCTLs, which allows local users to cause a denial of service via a crafted IOCTL request.

CPENameOperatorVersion
vmware:vmware_workstationvmware vmware workstationeq6.0.0.45731

CPE	Name	Operator	Version
vmware:vmware_workstation	vmware vmware workstation	eq	6.0.0.45731

References

lists.vmware.com/pipermail/security-announce/2009/000054.html

seclists.org/fulldisclosure/2009/Apr/0036.html

securityreason.com/securityalert/4177

www.orange-bat.com/adv/2008/adv.08.17.txt

www.securityfocus.com/bid/30737

www.securityfocus.com/bid/34373

www.securitytracker.com/id?1020715

www.vmware.com/security/advisories/VMSA-2009-0005.html

www.vupen.com/english/advisories/2009/0944

exchange.xforce.ibmcloud.com/vulnerabilities/44539

www.exploit-db.com/exploits/6262

Social References

5.9 Medium

AI Score

Confidence

Low

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

0.0004 Low

EPSS

Percentile

9.3%

JSON

Related for CVE-2008-3761

prion2 cvelist2 cve1 openvas4 securityvulns2 nessus2 vmware1 seebug2