Security
Headlines

Headlines Latest CVEs

Headline

Ubuntu Security Notice USN-6463-2

Ubuntu Security Notice 6463-2 - USN-6463-1 fixed vulnerabilities in Open VM Tools. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that Open VM Tools incorrectly handled SAML tokens. A remote attacker with Guest Operations privileges could possibly use this issue to elevate their privileges.

9 months ago

#vulnerability #mac #ubuntu #vmware

==========================================================================
Ubuntu Security Notice USN-6463-2
December 06, 2023

open-vm-tools vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 18.04 LTS (Available with Ubuntu Pro)
Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in Open VM Tools.

Software Description:

open-vm-tools: Open VMware Tools for virtual machines hosted on VMware

Details:

USN-6463-1 fixed vulnerabilities in Open VM Tools. This update provides
the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details:

It was discovered that Open VM Tools incorrectly handled SAML tokens. A
remote attacker with Guest Operations privileges could possibly use this
issue to elevate their privileges. (CVE-2023-34058)

Matthias Gerstner discovered that Open VM Tools incorrectly handled file
descriptors when dropping privileges. A local attacker could possibly use
this issue to hijack /dev/uinput and simulate user inputs.
(CVE-2023-34059)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
open-vm-tools 2:11.0.5-4ubuntu0.18.04.3+esm3
open-vm-tools-desktop 2:11.0.5-4ubuntu0.18.04.3+esm3

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
open-vm-tools 2:10.2.0-3~ubuntu0.16.04.1+esm4
open-vm-tools-desktop 2:10.2.0-3~ubuntu0.16.04.1+esm4

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6463-2
https://ubuntu.com/security/notices/USN-6463-1
CVE-2023-34058, CVE-2023-34059

Related news

Red Hat Security Advisory 2023-7279-01

Red Hat Security Advisory 2023-7279-01 - An update for open-vm-tools is now available for Red Hat Enterprise Linux 7. Issues addressed include a bypass vulnerability.

10 months ago

#vulnerability #mac #linux #red_hat #js #vmware

Red Hat Security Advisory 2023-7279-01

Red Hat Security Advisory 2023-7279-01 - An update for open-vm-tools is now available for Red Hat Enterprise Linux 7. Issues addressed include a bypass vulnerability.

10 months ago

#vulnerability #mac #linux #red_hat #js #vmware

Red Hat Security Advisory 2023-7276-01

Red Hat Security Advisory 2023-7276-01 - An update for open-vm-tools is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a bypass vulnerability.

10 months ago

#vulnerability #mac #linux #red_hat #js #vmware

Red Hat Security Advisory 2023-7276-01

Red Hat Security Advisory 2023-7276-01 - An update for open-vm-tools is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a bypass vulnerability.

10 months ago

#vulnerability #mac #linux #red_hat #js #vmware

Red Hat Security Advisory 2023-7267-01

Red Hat Security Advisory 2023-7267-01 - An update for open-vm-tools is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a bypass vulnerability.

10 months ago

#vulnerability #mac #linux #red_hat #js #vmware

Red Hat Security Advisory 2023-7267-01

Red Hat Security Advisory 2023-7267-01 - An update for open-vm-tools is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a bypass vulnerability.

10 months ago

#vulnerability #mac #linux #red_hat #js #vmware

Red Hat Security Advisory 2023-7264-01

Red Hat Security Advisory 2023-7264-01 - An update for open-vm-tools is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a bypass vulnerability.

10 months ago

#vulnerability #mac #linux #red_hat #js #vmware

Red Hat Security Advisory 2023-7264-01

Red Hat Security Advisory 2023-7264-01 - An update for open-vm-tools is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a bypass vulnerability.

10 months ago

#vulnerability #mac #linux #red_hat #js #vmware

Red Hat Security Advisory 2023-7263-01

Red Hat Security Advisory 2023-7263-01 - An update for open-vm-tools is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a bypass vulnerability.

10 months ago

#vulnerability #linux #red_hat #js #vmware

Red Hat Security Advisory 2023-7263-01

Red Hat Security Advisory 2023-7263-01 - An update for open-vm-tools is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a bypass vulnerability.

10 months ago

#vulnerability #linux #red_hat #js #vmware

Red Hat Security Advisory 2023-7262-01

Red Hat Security Advisory 2023-7262-01 - An update for open-vm-tools is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a bypass vulnerability.

10 months ago

#vulnerability #mac #linux #red_hat #js #vmware #sap

Red Hat Security Advisory 2023-7262-01

Red Hat Security Advisory 2023-7262-01 - An update for open-vm-tools is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a bypass vulnerability.

10 months ago

#vulnerability #mac #linux #red_hat #js #vmware #sap

Red Hat Security Advisory 2023-7261-01

Red Hat Security Advisory 2023-7261-01 - An update for open-vm-tools is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include a bypass vulnerability.

10 months ago

#vulnerability #mac #linux #red_hat #js #vmware #sap

Red Hat Security Advisory 2023-7261-01

Red Hat Security Advisory 2023-7261-01 - An update for open-vm-tools is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include a bypass vulnerability.

10 months ago

#vulnerability #mac #linux #red_hat #js #vmware #sap

Red Hat Security Advisory 2023-7260-01

Red Hat Security Advisory 2023-7260-01 - An update for open-vm-tools is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Issues addressed include a bypass vulnerability.

10 months ago

#vulnerability #mac #linux #red_hat #js #vmware #sap

Red Hat Security Advisory 2023-7260-01

Red Hat Security Advisory 2023-7260-01 - An update for open-vm-tools is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Issues addressed include a bypass vulnerability.

10 months ago

#vulnerability #mac #linux #red_hat #js #vmware #sap

Debian Security Advisory 5543-1

Debian Linux Security Advisory 5543-1 - Two security issues have been discovered in the Open VMware Tools, which could result in privilege escalation.

10 months ago

#linux #debian #vmware

Debian Security Advisory 5543-1

Debian Linux Security Advisory 5543-1 - Two security issues have been discovered in the Open VMware Tools, which could result in privilege escalation.

10 months ago

#linux #debian #vmware

CVE-2023-34059: VMSA-2023-0024

open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs.

10 months ago

#vulnerability #mac #windows #google #linux #vmware

CVE-2023-34059: VMSA-2023-0024

open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs.

10 months ago

#vulnerability #mac #windows #google #linux #vmware

Packet Storm: Latest News

htmly 2.9.9 Cross Site Scripting

9 hours ago

WordPress LMS 4.2.7 SQL Injection

9 hours ago

Nexus Repository Manager 3 Path Traversal

9 hours ago

Check Point Security Gateways Information Disclosure

9 hours ago

Telerik Report Server 2024 Q1 Authentication Bypass

9 hours ago