Headline
CVE-2023-34059: VMSA-2023-0024
open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs.
Advisory ID: VMSA-2023-0024
CVSSv3 Range: 7.5 - 7.8
Issue Date: 2023-10-26
Updated On: 2023-10-26 (Initial Advisory)
CVE(s): CVE-2023-34057, CVE-2023-34058
Synopsis: VMware Tools updates address Local Privilege Escalation and SAML Token Signature Bypass vulnerabilities (CVE-2023-34057, CVE-2023-34058)
****1. Impacted Products****
- VMware Tools
****2. Introduction****
Multiple vulnerabilities in VMware Tools were responsibly reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products.
****3a. Local privilege escalation vulnerability in VMware Tools (macOS) (CVE-2023-34057)****
VMware Tools contains a local privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.8.
A malicious actor with local user access to a guest virtual machine may elevate privileges within the virtual machine.
To remediate CVE-2023-34057 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.
VMware would like to thank Dan Revah of Google for reporting this issue to us.
****3b. SAML Token Signature Bypass vulnerability in VMware Tools (CVE-2023-34058)****
VMware Tools contains a SAML token signature bypass vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.5.
A malicious actor that has been granted Guest Operation Privileges in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias.
To remediate CVE-2023-34058 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.
- While the description and known attack vectors are very similar to CVE-2023-20900, CVE-2023-34058 has a different root cause that has now been addressed.
- CVE-2023-34058 also impacts open-vm-tools. Fixes have been provided to the Linux community for distribution.
Product
Version
Running On
CVE Identifier
CVSSv3
Severity
Fixed Version
Workarounds
Additional Documentation
VMware Tools
12.x.x, 11.x.x, 10.3.x
macOS
CVE-2023-34057
7.8
important
12.1.1
None
None
VMware Tools
12.x.x, 11.x.x, 10.3.x
Windows
CVE-2023-34057
N/A
N/A
Unaffected
N/A
N/A
VMware Tools
12.x.x, 11.x.x, 10.3.x
macOS
CVE-2023-34058
N/A
N/A
Unaffected
N/A
N/A
VMware Tools
12.x.x, 11.x.x, 10.3.x
Windows
CVE-2023-34058
7.5
important
12.3.5
None
None
****4. References****
****5. Change Log****
**2023-10-26 VMSA-2023-0024
**Initial security advisory.
****6. Contact****
Related news
Ubuntu Security Notice 6463-2 - USN-6463-1 fixed vulnerabilities in Open VM Tools. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that Open VM Tools incorrectly handled SAML tokens. A remote attacker with Guest Operations privileges could possibly use this issue to elevate their privileges.
Red Hat Security Advisory 2023-7279-01 - An update for open-vm-tools is now available for Red Hat Enterprise Linux 7. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-7277-01 - An update for open-vm-tools is now available for Red Hat Enterprise Linux 9. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-7276-01 - An update for open-vm-tools is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-7267-01 - An update for open-vm-tools is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-7265-01 - An update for open-vm-tools is now available for Red Hat Enterprise Linux 8. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-7264-01 - An update for open-vm-tools is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-7263-01 - An update for open-vm-tools is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-7262-01 - An update for open-vm-tools is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-7261-01 - An update for open-vm-tools is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-7260-01 - An update for open-vm-tools is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Issues addressed include a bypass vulnerability.
Debian Linux Security Advisory 5543-1 - Two security issues have been discovered in the Open VMware Tools, which could result in privilege escalation.
Ubuntu Security Notice 6365-2 - USN-6365-1 fixed a vulnerability in Open VM Tools. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that Open VM Tools incorrectly handled SAML tokens. A remote attacker could possibly use this issue to bypass SAML token signature verification and perform VMware Tools Guest Operations.
Red Hat Security Advisory 2023-5313-01 - The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Issues addressed include a bypass vulnerability.
An update for open-vm-tools is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-20900: An improper signature verification flaw was found in open-vm-tools that may lead to a bypass of SAML token signature. This issue may allow a malicious actor with man-in-the-middle (MITM) network positioning between a vCenter server and the virtual machine to bypass SAML token signature verification to perform gues...
Red Hat Security Advisory 2023-5220-01 - The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-5216-01 - The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-5218-01 - The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-5210-01 - The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Issues addressed include a bypass vulnerability.
An update for open-vm-tools is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-20900: An improper signature verification flaw was found in open-vm-tools that may lead to a bypass of SAML token signature. This issue may allow a malicious actor with man-in-the-middle (MITM) network positioning between a vCenter server and the virtual machine to bypass SAML token signature verification to perform gues...
An update for open-vm-tools is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-20900: An improper signature verification flaw was found in open-vm-tools that may lead to a bypass of SAML token signature. This issue may allow a malicious actor with man-in-the-middle (MITM) network positioning between a vCenter server and the virtual machine to bypass SAML token signature verification to pe...
An update for open-vm-tools is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-20900: An improper signature verification flaw was found in open-vm-tools that may lead to a bypass of SAML token signature. This issue may allow a malicious actor with man-in-the-middle (MI...