Debian 9671 Published by

An open-vm-tools security update has been released for Debian GNU/Linux 8 and 9 Extended LTS to address two security issues.

ELA-999-1 open-vm-tools security update

Package : open-vm-tools
Version : 10.1.5-5055683-4+deb9u6 (jessie), 2:10.1.5-5055683-4+deb9u6 (stretch)

Related CVEs :

The Open Virtual Machine Tools (open-vm-tools) project is an open source
implementation of VMware Tools. It is a suite of virtualization utilities and
drivers to improve the functionality, user experience and administration of
VMware virtual machines.

A file descriptor hijack vulnerability was found in the `vmware-user-suid-wrapper`
command. A malicious actor with non-root privileges might have been able
to hijack the `block` file descriptor. Compared to the most recent upstream version,
the `uinput` file descriptor hijack vulnerability was not present (this file descriptor
was added latter for supporting Wayland).

A SAML Token Signature Bypass vulnerability was found in VGAUTH component.
A malicious actor that has been granted Guest Operation Privileges
in a target virtual machine might have been able to
elevate their privileges if that target
virtual machine has been assigned a more privileged Guest Alias.

This update fixes CVE-2023-34058 and CVE-2023-34059 for Stretch, but fix only
CVE-2023-34058 for Jessie. Indeed, vulnerable code (VGAUTH component) was introduced
later in 9.10.0 upstream version, and thus Jessie was not vulnerable to attack exposed
in CVE-2023-34059.

ELA-999-1 open-vm-tools security update