Alerts This Week
Warning Icon 1 483
Alerts This Week
Warning Icon 1 483

Ubuntu 23.04 USN-6257-1 Critical: Open VM Tools Authentication Bypass

ubuntu
Calendar Grey July 27, 2023
Dist Ubuntu Esm H88
The latest Ubuntu Security Notice, USN-6257-1, addresses a significant vulnerability in open-vm-tools, providing comprehensive remediation steps for impacted releases.
open-vm-tools could be made to bypass authentication.

Summary

open-vm-tools could be made to bypass authentication.

Software Description:

- open-vm-tools: Open VMware Tools for virtual machines hosted on VMware

Details:

It was discovered that Open VM Tools incorrectly handled certain

authentication requests. A fully compromised ESXi host can force Open VM

Tools to fail to authenticate host-to-guest operations, impacting the

confidentiality and integrity of the guest virtual machine. (CVE-2023-20867)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.04:
  open-vm-tools                   2:12.1.5-3ubuntu0.23.04.1

Ubuntu 22.04 LTS:
  open-vm-tools                   2:12.1.5-3~ubuntu0.22.04.2

Ubuntu 20.04 LTS:
  open-vm-tools                   2:11.3.0-2ubuntu0~ubuntu20.04.5

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  open-vm-tools                   2:11.0.5-4ubuntu0.18.04.3+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  open-vm-tools                   2:10.2.0-3~ubuntu0.16.04.1+esm2

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6257-1

CVE-2023-20867

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6257-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here