oss-sec mailing list archives
Re: CVE-2023-20867: open-vm-tools: Authentication Bypass vulnerability in the vgauth module
From: Demi Marie Obenour <demi () invisiblethingslab com>
Date: Mon, 16 Oct 2023 10:03:13 -0400
On Mon, Oct 16, 2023 at 03:48:14AM +0200, Solar Designer wrote:
Hi, This was brought to linux-distros on June 6 with "scheduled public disclosure on June 13th, 2023." There's a VMware security advisory that says it was published on that date: https://www.vmware.com/security/advisories/VMSA-2023-0013.html and patches are available at: https://github.com/vmware/open-vm-tools/tree/CVE-2023-20867.patch but the issue was wrongly never brought to oss-security (or at least I couldn't find it) - so I am correcting this now. Quoting from the linux-distros message:Description ============================================================== CVE-2023-20867: VMware Tools contains an Authentication Bypass vulnerability in the vgauth module. VMware has evaluated the severity of this issue to be in the Low severity range with a maximum CVSSv3.1 base score of 3.9 - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N. Known Attack Vectors ============================================================== A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the virtual machine.Quoting from the GitHub URL above:The issue has been fixed in the open-vm-tools version 12.2.5 released on June 13, 2023. The following patch provided to the open-vm-tools community can be used to apply the security fix to previous open-vm-tools releases. For releases 12.2.0, 12.1.5, 12.1.0, 12.0.5, 12.0.0, 11.3.5, 11.3.0 2023-20867-Remove-some-dead-code.patch For releases 11.1.0, 11.1.5, 11.2.0, 11.2.5 2023-20867-Remove-some-dead-code-1110-1125.patch For releases 11.0.0, 11.0.5 2023-20867-Remove-some-dead-code-1100-1105.patch For releases 10.3.0, 10.3.5, 10.3.10 2023-20867-Remove-some-dead-code-1030-10310.patch The patches have been tested against the above open-vm-tools releases. Each applies cleanly with: git am for a git repository. patch -p2 in the top directory of an open-vm-tools source tree.Alexander
How is this a vulnerability at all? A compromised ESXi host can compromise the guest already, unless confidential computing technologies are in use. -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab
Attachment:
signature.asc
Description:
Current thread:
- CVE-2023-20867: open-vm-tools: Authentication Bypass vulnerability in the vgauth module Solar Designer (Oct 15)
- Re: CVE-2023-20867: open-vm-tools: Authentication Bypass vulnerability in the vgauth module Demi Marie Obenour (Oct 16)