open-vm-tools-12.2.5-3.el9_3.2.ML.1
エラータID: AXSA:2024-7395:02
The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines.
Security Fix(es):
* open-vm-tools: SAML token signature bypass (CVE-2023-34058)
* open-vm-tools: file descriptor hijack vulnerability in the vmware-user-suid-wrapper (CVE-2023-34059)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2023-34058
VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A95... in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479... .
CVE-2023-34059
open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs.
Update packages.
VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .
open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs.
N/A
SRPMS
- open-vm-tools-12.2.5-3.el9_3.2.ML.1.src.rpm
MD5: 36ebd154c017e16c2f856f9eccba6fe2
SHA-256: c6b4322d00d104cb95be0d7fa3a7ff41d097b5b8502429f96e54a49e623f37ec
Size: 4.16 MB
Asianux Server 9 for x86_64
- open-vm-tools-12.2.5-3.el9_3.2.ML.1.x86_64.rpm
MD5: 67b0f2e32eea5088ca12d6052071c963
SHA-256: 1ce8a28941fae8b59bd880712a863724f8b866eba31e1e5d5c0df44b1093272c
Size: 855.41 kB - open-vm-tools-desktop-12.2.5-3.el9_3.2.ML.1.x86_64.rpm
MD5: 736b5339a22f3fd7d3dfba9111a7ea89
SHA-256: b761cb547a346e175dcac7f01bd85663a4299615cbe0730ef29ff2ccd510c51d
Size: 158.54 kB - open-vm-tools-salt-minion-12.2.5-3.el9_3.2.ML.1.x86_64.rpm
MD5: be086a4fd3eceb2a4762dbe6a08ee7d7
SHA-256: 169d7e9bf7129c92b5b998b1253a3c175551f5ba64859a7cacb89744c22d155c
Size: 22.92 kB - open-vm-tools-sdmp-12.2.5-3.el9_3.2.ML.1.x86_64.rpm
MD5: d81bf65838af3ac3cf35616c2e31a565
SHA-256: bc5e2fc52aaafeb48fd1a62e49c6cd9a21546c27447a7d2f5ec0d83537625ea1
Size: 24.79 kB - open-vm-tools-test-12.2.5-3.el9_3.2.ML.1.x86_64.rpm
MD5: 96fe3d353af20b66d235436fbfa3ca29
SHA-256: 5ce28f8cc04a8ab26cedd2d811eaea9dfb110aa1a619473e08b241f6f738ab36
Size: 16.57 kB