Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Ubuntu 23.10: 8347-2 Urgent: Open VM Tools Security Flaw Exploitation

ubuntu
Calendar Grey October 31, 2023
Dist Ubuntu Esm H88
Security vulnerabilities in Open VM Tools addressed in Ubuntu 23.10, 23.04, 22.04 LTS, and 20.04 LTS through important updates.
Several security issues were fixed in Open VM Tools.

Summary

Several security issues were fixed in Open VM Tools.

Software Description:

- open-vm-tools: Open VMware Tools for virtual machines hosted on VMware

Details:

It was discovered that Open VM Tools incorrectly handled SAML tokens. A

remote attacker Guest Operations privileges could possibly use this issue

to escalate privileges. (CVE-2023-34058)

Matthias Gerstner discovered that Open VM Tools incorrectly handled file

descriptors when dropping privileges. A local attacker could possibly use

this issue to hijack /dev/uinput and simulate user inputs. (CVE-2023-34059)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
   open-vm-tools                   2:12.3.0-1ubuntu0.1
   open-vm-tools-desktop           2:12.3.0-1ubuntu0.1

Ubuntu 23.04:
   open-vm-tools                   2:12.1.5-3ubuntu0.23.04.3
   open-vm-tools-desktop           2:12.1.5-3ubuntu0.23.04.3

Ubuntu 22.04 LTS:
   open-vm-tools                   2:12.1.5-3~ubuntu0.22.04.4
   open-vm-tools-desktop           2:12.1.5-3~ubuntu0.22.04.4

Ubuntu 20.04 LTS:
   open-vm-tools                   2:11.3.0-2ubuntu0~ubuntu20.04.7
   open-vm-tools-desktop           2:11.3.0-2ubuntu0~ubuntu20.04.7

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6463-1

CVE-2023-34058, CVE-2023-34059

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6463-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here