oss-sec mailing list archives
[CVE-2015-5191] local privilege escalation in Open VMware Tools
From: VMware Security Response Center <security () vmware com>
Date: Mon, 24 Jul 2017 20:20:40 +0000
Open VMware Tools (CVE-2015-5191) contains multiple file system races in libDeployPkg, related to the use of hard-coded paths under /tmp. Successful exploitation may result in a local privilege escalation. The impact of this vulnerability is low for distributions which have enabled PrivateTmp for the affected service. Fixes/References -------------- 9.10.x – https://github.com/vmware/open-vm-tools/commit/c1304ce8bfd9c0c33999e496bf7049d5c3d45821 10.0.x - https://github.com/vmware/open-vm-tools/commit/b3068b04880eda4ca3e13f2d34fb8ce336ad1a4f 10.1.x - https://github.com/vmware/open-vm-tools/commit/22e58289f71232310d30cf162b83b5151a937bac We would like to thank Florian Weimer and Kurt Seifried of Red Hat Product Security for reporting this issue to us. -------------- Edward Hawkins Senior Program Manager, Security Response security () vmware com
Current thread:
- [CVE-2015-5191] local privilege escalation in Open VMware Tools VMware Security Response Center (Jul 24)