Ubuntu 6365-2: Open VM Tools vulnerability
Summary
A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS (Available with Ubuntu Pro) - Ubuntu 16.04 LTS (Available with Ubuntu Pro) Summary: Open VM Tools could allow unintended access to network services. Software Description: - open-vm-tools: Open VMware Tools for virtual machines hosted on VMware Details: USN-6365-1 fixed a vulnerability in Open VM Tools. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that Open VM Tools incorrectly handled SAML tokens. A remote attacker could possibly use this issue to bypass SAML token signature verification and perform VMware Tools Guest Operations.
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS (Available with Ubuntu Pro): open-vm-tools 2:11.0.5-4ubuntu0.18.04.3+esm2 Ubuntu 16.04 LTS (Available with Ubuntu Pro): open-vm-tools 2:10.2.0-3~ubuntu0.16.04.1+esm3 In general, a standard system update will make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-6365-2
https://ubuntu.com/security/notices/USN-6365-1
CVE-2023-20900
Package Information