7.5 High
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
7.8 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
45.0%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.4.2023.3795.1");
script_cve_id("CVE-2023-20900");
script_tag(name:"creation_date", value:"2023-09-27 04:21:57 +0000 (Wed, 27 Sep 2023)");
script_version("2024-02-02T14:37:52+0000");
script_tag(name:"last_modification", value:"2024-02-02 14:37:52 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"6.8");
script_tag(name:"cvss_base_vector", value:"AV:A/AC:H/Au:N/C:C/I:C/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2023-09-06 13:37:21 +0000 (Wed, 06 Sep 2023)");
script_name("SUSE: Security Advisory (SUSE-SU-2023:3795-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2023 Greenbone AG");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse_sles", "ssh/login/rpms", re:"ssh/login/release=(SLES12\.0SP5)");
script_xref(name:"Advisory-ID", value:"SUSE-SU-2023:3795-1");
script_xref(name:"URL", value:"https://www.suse.com/support/update/announcement/2023/suse-su-20233795-1/");
script_xref(name:"URL", value:"https://www.vmware.com/security/advisories/VMSA-2023-0019.html");
script_xref(name:"URL", value:"https://github.com/vmware/open-vm-tools/releases/tag/stable-12.3.0");
script_xref(name:"URL", value:"https://github.com/vmware/open-vm-tools/blob/stable-12.3.0/ReleaseNotes.md");
script_xref(name:"URL", value:"https://github.com/vmware/open-vm-tools/blob/stable-12.3.0/open-vm-tools/ChangeLog");
script_tag(name:"summary", value:"The remote host is missing an update for the 'open-vm-tools' package(s) announced via the SUSE-SU-2023:3795-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"This update for open-vm-tools fixes the following issues:
Update to 12.3.0 (build 22234872) (bsc#1214850)
There are no new features in the open-vm-tools 12.3.0 release. This is
primarily a maintenance release that addresses a few critical problems,
including:
This release integrates CVE-2023-20900 without the need for a patch.
For more information on this vulnerability and its impact on VMware
products, see
[link moved to references].
A tools.conf configuration setting is available to temporaily direct
Linux quiesced snaphots to restore pre open-vm-tools 12.2.0 behavior
of ignoring file systems already frozen.
Building of the VMware Guest Authentication Service (VGAuth) using
'xml-security-c' and 'xerces-c' is being deprecated.
A number of Coverity reported issues have been addressed.
A number of GitHub issues and pull requests have been handled.
Please see the Resolves Issues section of the Release Notes.
For issues resolved in this release, see the Resolved Issues section
of the Release Notes.
For complete details, see:
[link moved to references] Release Notes are available at
[link moved to references] The granular changes that have gone into the 12.3.0 release are in the
ChangeLog at
[link moved to references] Fix (bsc#1205927) - hv_vmbus module is loaded unnecessarily in VMware guests jsc#PED-1344 - reinable building containerinfo plugin for SLES 15 SP4.");
script_tag(name:"affected", value:"'open-vm-tools' package(s) on SUSE Linux Enterprise High Performance Computing 12-SP5, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server for SAP Applications 12-SP5.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "SLES12.0SP5") {
if(!isnull(res = isrpmvuln(pkg:"libvmtools0", rpm:"libvmtools0~12.3.0~4.59.1", rls:"SLES12.0SP5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libvmtools0-debuginfo", rpm:"libvmtools0-debuginfo~12.3.0~4.59.1", rls:"SLES12.0SP5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"open-vm-tools", rpm:"open-vm-tools~12.3.0~4.59.1", rls:"SLES12.0SP5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"open-vm-tools-debuginfo", rpm:"open-vm-tools-debuginfo~12.3.0~4.59.1", rls:"SLES12.0SP5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"open-vm-tools-debugsource", rpm:"open-vm-tools-debugsource~12.3.0~4.59.1", rls:"SLES12.0SP5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"open-vm-tools-desktop", rpm:"open-vm-tools-desktop~12.3.0~4.59.1", rls:"SLES12.0SP5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"open-vm-tools-desktop-debuginfo", rpm:"open-vm-tools-desktop-debuginfo~12.3.0~4.59.1", rls:"SLES12.0SP5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"open-vm-tools-salt-minion", rpm:"open-vm-tools-salt-minion~12.3.0~4.59.1", rls:"SLES12.0SP5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"open-vm-tools-sdmp", rpm:"open-vm-tools-sdmp~12.3.0~4.59.1", rls:"SLES12.0SP5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"open-vm-tools-sdmp-debuginfo", rpm:"open-vm-tools-sdmp-debuginfo~12.3.0~4.59.1", rls:"SLES12.0SP5"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
github.com/vmware/open-vm-tools/blob/stable-12.3.0/open-vm-tools/ChangeLog
github.com/vmware/open-vm-tools/blob/stable-12.3.0/ReleaseNotes.md
github.com/vmware/open-vm-tools/releases/tag/stable-12.3.0
www.suse.com/support/update/announcement/2023/suse-su-20233795-1/
www.vmware.com/security/advisories/VMSA-2023-0019.html
SUSE-SU-2023:3795-1
7.5 High
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
7.8 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
45.0%