CVE-2009-1146
First published: Mon Apr 06 2009(Updated: )
Unspecified vulnerability in an ioctl in hcmon.sys in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 1.0.x before 1.0.9 build 156507 and 2.0.x before 2.0.1 build 156745 allows local users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2008-3761.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware ACE | <=2.5.1 | |
| VMware ACE | =1.0 | |
| VMware Player | <=2.5.1 | |
| VMware Player | =1.0.7 | |
| VMware ACE | =2.0.5 | |
| VMware ACE | =1.0.1 | |
| VMware ACE | =1.0.7 | |
| VMware Workstation and ESXi | =5.5.6 | |
| VMware Player | =1.0.6 | |
| VMware Server | =1.0.1 | |
| VMware Player | =2.0.1 | |
| VMware Player | =2.0.2 | |
| VMware Player | =1.0.2 | |
| VMware Player | =2.0.4 | |
| VMware Server | =1.0.2 | |
| VMware Workstation and ESXi | =5.5.8 | |
| VMware Server | =1.0.8 | |
| VMware Workstation and ESXi | =5.5.5 | |
| VMware ACE | =2.0.2 | |
| VMware Workstation and ESXi | =4.0 | |
| VMware Workstation and ESXi | =1.1.1 | |
| VMware Workstation and ESXi | =1.0.5 | |
| VMware ACE | =2.0 | |
| VMware Workstation and ESXi | =6.5 | |
| VMware Server | =1.0.4 | |
| VMware ACE | =2.0.1 | |
| VMware Server | =1.0.7 | |
| VMware ACE | =1.0.2 | |
| VMware Workstation and ESXi | =5 | |
| VMware Workstation and ESXi | =6.0 | |
| VMware Player | =2.5 | |
| VMware ACE | =1.0.0 | |
| VMware Workstation and ESXi | =5.5.3 | |
| VMware Player | =1.0.8 | |
| VMware Player | =1.0.3 | |
| VMware Workstation and ESXi | =4.0.1 | |
| VMware Player | =2.0.3 | |
| VMware Workstation and ESXi | =5.5.2 | |
| VMware Workstation and ESXi | =6.0.1 | |
| VMware Workstation and ESXi | =3.4 | |
| VMware Workstation and ESXi | =2.0.1 | |
| VMware Workstation and ESXi | =5.5 | |
| VMware Player | =1.0.1 | |
| VMware Player | =1.0.4 | |
| VMware Workstation and ESXi | =1.1 | |
| VMware Workstation and ESXi | =6.0.2 | |
| VMware Workstation and ESXi | =5.5.7 | |
| VMware Workstation and ESXi | =4.0.2 | |
| VMware Player | =1.0.5 | |
| VMware Workstation and ESXi | =6.0.5 | |
| VMware ACE | =1.0.4 | |
| VMware Server | =2.0 | |
| VMware Workstation and ESXi | =3.2.1-patch1 | |
| VMware Workstation and ESXi | =6.0.4 | |
| VMware ACE | =1.0.3 | |
| VMware ACE | =2.5.0 | |
| VMware Workstation and ESXi | =5.5.1 | |
| VMware Server | =1.0.3 | |
| VMware Server | =1.0.6 | |
| VMware ACE | =2.0.3 | |
| VMware Workstation and ESXi | =2.0 | |
| VMware ACE | =2.0.4 | |
| VMware Player | =2.0 | |
| VMware Player | =2.0.5 | |
| VMware Workstation and ESXi | =1.0.4 | |
| VMware Workstation and ESXi | =1.1.2 | |
| VMware Workstation and ESXi | <=6.5.1 | |
| VMware Server | =1.0 | |
| VMware ACE | =1.0.5 | |
| VMware Workstation and ESXi | =5.5.4 | |
| VMware Workstation and ESXi | =6.0.3 | |
| VMware Workstation and ESXi | =1.0.1 | |
| VMware ACE | =1.0.6 | |
| VMware Workstation and ESXi | =1.0.2 | |
| VMware Player | =1.0.0 | |
| VMware Server | =1.0.5 | |
| VMware Workstation and ESXi | =4.5.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.vmware.com/pipermail/security-announce/2009/000054.html
- http://seclists.org/fulldisclosure/2009/Apr/0036.html
- http://www.securityfocus.com/bid/34373
- http://www.securitytracker.com/id?1021977
- http://www.vmware.com/security/advisories/VMSA-2009-0005.html
- http://www.vupen.com/english/advisories/2009/0944
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6310
Frequently Asked Questions
What is the severity of CVE-2009-1146?
CVE-2009-1146 is considered a denial of service vulnerability that affects multiple VMware products.
How do I fix CVE-2009-1146?
To fix CVE-2009-1146, update your VMware Workstation, Player, ACE, or Server to the latest versions as specified in the security advisories.
Which VMware products are affected by CVE-2009-1146?
CVE-2009-1146 affects VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 1.0.x before 1.0.9.
Can remote users exploit CVE-2009-1146?
CVE-2009-1146 is a local vulnerability, meaning it requires local user access for exploitation.
What could happen if CVE-2009-1146 is exploited?
Exploitation of CVE-2009-1146 could lead to a denial of service condition for the affected VMware application.
- agent/type
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/severity
- agent/author
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/vmware
- canonical/vmware ace
- version/vmware ace/2.5.1
- version/vmware ace/1.0
- canonical/vmware player
- version/vmware player/2.5.1
- version/vmware player/1.0.7
- version/vmware ace/2.0.5
- version/vmware ace/1.0.1
- version/vmware ace/1.0.7
- canonical/vmware workstation and esxi
- version/vmware workstation and esxi/5.5.6
- version/vmware player/1.0.6
- canonical/vmware server
- version/vmware server/1.0.1
- version/vmware player/2.0.1
- version/vmware player/2.0.2
- version/vmware player/1.0.2
- version/vmware player/2.0.4
- version/vmware server/1.0.2
- version/vmware workstation and esxi/5.5.8
- version/vmware server/1.0.8
- version/vmware workstation and esxi/5.5.5
- version/vmware ace/2.0.2
- version/vmware workstation and esxi/4.0
- version/vmware workstation and esxi/1.1.1
- version/vmware workstation and esxi/1.0.5
- version/vmware ace/2.0
- version/vmware workstation and esxi/6.5
- version/vmware server/1.0.4
- version/vmware ace/2.0.1
- version/vmware server/1.0.7
- version/vmware ace/1.0.2
- version/vmware workstation and esxi/5
- version/vmware workstation and esxi/6.0
- version/vmware player/2.5
- version/vmware ace/1.0.0
- version/vmware workstation and esxi/5.5.3
- version/vmware player/1.0.8
- version/vmware player/1.0.3
- version/vmware workstation and esxi/4.0.1
- version/vmware player/2.0.3
- version/vmware workstation and esxi/5.5.2
- version/vmware workstation and esxi/6.0.1
- version/vmware workstation and esxi/3.4
- version/vmware workstation and esxi/2.0.1
- version/vmware workstation and esxi/5.5
- version/vmware player/1.0.1
- version/vmware player/1.0.4
- version/vmware workstation and esxi/1.1
- version/vmware workstation and esxi/6.0.2
- version/vmware workstation and esxi/5.5.7
- version/vmware workstation and esxi/4.0.2
- version/vmware player/1.0.5
- version/vmware workstation and esxi/6.0.5
- version/vmware ace/1.0.4
- version/vmware server/2.0
- version/vmware workstation and esxi/3.2.1-patch1
- version/vmware workstation and esxi/6.0.4
- version/vmware ace/1.0.3
- version/vmware ace/2.5.0
- version/vmware workstation and esxi/5.5.1
- version/vmware server/1.0.3
- version/vmware server/1.0.6
- version/vmware ace/2.0.3
- version/vmware workstation and esxi/2.0
- version/vmware ace/2.0.4
- version/vmware player/2.0
- version/vmware player/2.0.5
- version/vmware workstation and esxi/1.0.4
- version/vmware workstation and esxi/1.1.2
- version/vmware workstation and esxi/6.5.1
- version/vmware server/1.0
- version/vmware ace/1.0.5
- version/vmware workstation and esxi/5.5.4
- version/vmware workstation and esxi/6.0.3
- version/vmware workstation and esxi/1.0.1
- version/vmware ace/1.0.6
- version/vmware workstation and esxi/1.0.2
- version/vmware player/1.0.0
- version/vmware server/1.0.5
- version/vmware workstation and esxi/4.5.2