Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Ubuntu 23.10: 8347-2 Urgent: Open VM Tools Security Flaw Exploitation

ubuntu
Calendar Grey October 31, 2023
Dist Ubuntu Esm H88
Security vulnerabilities in Open VM Tools addressed in Ubuntu 23.10, 23.04, 22.04 LTS, and 20.04 LTS through important updates.
Several security issues were fixed in Open VM Tools.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 23.10 - Ubuntu 23.04 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: Several security issues were fixed in Open VM Tools. Software Description: - open-vm-tools: Open VMware Tools for virtual machines hosted on VMware Details: It was discovered that Open VM Tools incorrectly handled SAML tokens. A remote attacker Guest Operations privileges could possibly use this issue to escalate privileges. (CVE-2023-34058) Matthias Gerstner discovered that Open VM Tools incorrectly handled file descriptors when dropping privileges. A local attacker could possibly use this issue to hijack /dev/uinput and simulate user inputs. (CVE-2023-34059)

Topics%20covered

Topics Covered

security advisory critical privilege escalation remote access ubuntu open vm tools

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 23.10: open-vm-tools 2:12.3.0-1ubuntu0.1 open-vm-tools-desktop 2:12.3.0-1ubuntu0.1 Ubuntu 23.04: open-vm-tools 2:12.1.5-3ubuntu0.23.04.3 open-vm-tools-desktop 2:12.1.5-3ubuntu0.23.04.3 Ubuntu 22.04 LTS: open-vm-tools 2:12.1.5-3~ubuntu0.22.04.4 open-vm-tools-desktop 2:12.1.5-3~ubuntu0.22.04.4 Ubuntu 20.04 LTS: open-vm-tools 2:11.3.0-2ubuntu0~ubuntu20.04.7 open-vm-tools-desktop 2:11.3.0-2ubuntu0~ubuntu20.04.7 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6463-1

CVE-2023-34058, CVE-2023-34059

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6463-1

Topics%20covered

Topics Covered

security advisory critical privilege escalation remote access ubuntu open vm tools

Package Information

https://launchpad.net/ubuntu/+source/open-vm-tools/2:12.3.0-1ubuntu0.1 https://launchpad.net/ubuntu/+source/open-vm-tools/2:12.1.5-3ubuntu0.23.04.3 https://launchpad.net/ubuntu/+source/open-vm-tools/2:12.1.5-3~ubuntu0.22.04.4 https://launchpad.net/ubuntu/+source/open-vm-tools/2:11.3.0-2ubuntu0~ubuntu20.04.7

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here