open-vm-tools-11.0.5-3.el7.7
エラータID: AXSA:2023-6398:07
リリース日:
2023/09/20 Wednesday - 01:57
題名:
open-vm-tools-11.0.5-3.el7.7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- open-vm-tools には、SAML トークン署名の検証処理を迂回できてしまう
問題があるため、近隣ネットワーク上の攻撃者により、不正なゲスト OS
の操作を可能とする脆弱性が存在します。(CVE-2023-20900)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2023-20900
A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .
A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .
追加情報:
N/A
ダウンロード:
SRPMS
- open-vm-tools-11.0.5-3.el7.7.src.rpm
MD5: cd78a8eaf26f22728e847cac576531b7
SHA-256: f1d0fc3ec781b0c11c6f19aea54fc7bfa69102848523b85f01af540e042f071e
Size: 3.82 MB
Asianux Server 7 for x86_64
- open-vm-tools-11.0.5-3.el7.7.x86_64.rpm
MD5: 009b20ef5f3b2826ef76d71c8e21dd7b
SHA-256: b04b9076fb3f2f6c7aacf30bf7f5c4afde701a003bf81a0c7fc72af13f2c361e
Size: 676.38 kB - open-vm-tools-desktop-11.0.5-3.el7.7.x86_64.rpm
MD5: 309f9d5ff9f4887f0e4c390cb4e3d6cb
SHA-256: 4591daaab9fb676c3283e8922ff118922f5adbee8923effe031b6197c8f5a25f
Size: 179.14 kB