Lucene search

K
oraclelinuxOracleLinuxELSA-2023-5217
HistorySep 19, 2023 - 12:00 a.m.

open-vm-tools security update

2023-09-1900:00:00
linux.oracle.com
4
security update
open-vm-tools
fix vmware udev rule
scsi devices
increase timeout
spec file modification
cve-2023-20900
saml token signature bypass
rhel-2413
orabug: 24461968
orabug: 22815019
orabug: 21819156

7.5 High

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:H/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

44.9%

[11.0.5-3.0.1]

  • fix spaces in vmware udev rule for scsi devices
    [Orabug: 24461968]
  • Fix vmware udev rule in 99-vmware-scsi-timeout.rules file.
    [Orabug: 22815019]
  • Increase timeout for scsi devices on VMWare guests by adding a udev rule.
  • Created a new file 99-vmware-scsi-timeout.rules
  • Modified spec file to install this new file.
    [Orabug: 21819156]
    [11.0.5-3.el7_9.7]
  • ovt-VGAuth-Allow-only-X509-certs-to-verify-the-SAML-toke.patch [RHEL-2413]
  • Resolves: RHEL-2413
    (CVE-2023-20900 open-vm-tools: SAML token signature bypass [rhel-7.9.z])

7.5 High

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:H/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

44.9%