oss-sec mailing list archives
Re: CVE-2023-34059 - File Descriptor Hijack vulnerability in open-vm-tools
From: Matthias Gerstner <mgerstner () suse de>
Date: Mon, 27 Nov 2023 10:01:16 +0100
Hi, On Sun, Nov 26, 2023 at 11:38:50AM -0800, John Helmert III wrote:
On Fri, Oct 27, 2023 at 11:57:46AM +0200, Matthias Gerstner wrote:Hello list, I want to share my full report for this finding, please find it below. Introduction ============ During a routine review of the setuid-root binary "vmware-user-suid-wrapper" from the open-vm-tools [1] repository I discovered the vulnerability described in this report. The version under review was open-vm-tools version 12.2.0. The setuid-root binary's source code in the open-vm-tools repository did not change since version 10.3.0 (released in 2018), however, so likely most current installations of open-vm-tools are affected by this finding.Hm, it looks like there *was* a commit to vmware-user-suid-wrapper that looks very similar to the patch that was linked in the original advisory mail: https://github.com/vmware/open-vm-tools/commit/63f7c79c4aecb14d37cc4ce9da509419e31d394f Was that fix insufficient, or maybe wasn't there when your mail was sent?
There seems to be a misunderstanding here. It seems I phrased that not properly. I did not mean to say that the issue is unfixed. As the initial email from VMware states there is a patch and bugfix release available. What I wanted to express is that all versions of open-vm-tools ranging from 10.3.0 up until before the bugfix release are likely affected by the issue. Cheers Matthias
Attachment:
signature.asc
Description:
Current thread:
- CVE-2023-34059 - File Descriptor Hijack vulnerability in open-vm-tools VMware Security Response Center (Oct 27)
- Re: CVE-2023-34059 - File Descriptor Hijack vulnerability in open-vm-tools Matthias Gerstner (Oct 27)
- Re: CVE-2023-34059 - File Descriptor Hijack vulnerability in open-vm-tools John Helmert III (Nov 26)
- Re: CVE-2023-34059 - File Descriptor Hijack vulnerability in open-vm-tools Matthias Gerstner (Nov 27)
- Re: CVE-2023-34059 - File Descriptor Hijack vulnerability in open-vm-tools John Helmert III (Nov 26)
- Re: CVE-2023-34059 - File Descriptor Hijack vulnerability in open-vm-tools Matthias Gerstner (Oct 27)