oss-sec mailing list archives
CVE-2023-20867: open-vm-tools: Authentication Bypass vulnerability in the vgauth module
From: Solar Designer <solar () openwall com>
Date: Mon, 16 Oct 2023 03:48:14 +0200
Hi,

This was brought to linux-distros on June 6 with "scheduled public disclosure on June 13th, 2023." There's a VMware security advisory that says it was published on that date:

https://www.vmware.com/security/advisories/VMSA-2023-0013.html

and patches are available at:

https://github.com/vmware/open-vm-tools/tree/CVE-2023-20867.patch

but the issue was wrongly never brought to oss-security (or at least I couldn't find it) - so I am correcting this now.

Quoting from the linux-distros message:
Description
==============================================================
CVE-2023-20867: VMware Tools contains an Authentication Bypass vulnerability in the vgauth module. VMware has evaluated the severity of this issue to be in the Low severity range with a maximum CVSSv3.1 base score of 3.9 - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N.

Known Attack Vectors
==============================================================
A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the virtual machine.

Quoting from the GitHub URL above:
The issue has been fixed in the open-vm-tools version 12.2.5 released on
June 13, 2023.
The following patch provided to the open-vm-tools community can be used
to apply the security fix to previous open-vm-tools releases.
For releases 12.2.0, 12.1.5, 12.1.0, 12.0.5, 12.0.0, 11.3.5, 11.3.0
2023-20867-Remove-some-dead-code.patch
For releases 11.1.0, 11.1.5, 11.2.0, 11.2.5
2023-20867-Remove-some-dead-code-1110-1125.patch
For releases 11.0.0, 11.0.5
2023-20867-Remove-some-dead-code-1100-1105.patch
For releases 10.3.0, 10.3.5, 10.3.10
2023-20867-Remove-some-dead-code-1030-10310.patch
The patches have been tested against the above open-vm-tools releases.
Each applies cleanly with:
git am for a git repository.
patch -p2 in the top directory of an open-vm-tools source tree.
Alexander
