Lucene search
UbuntuUSN-6463-2HistoryDec 06, 2023 - 12:00 a.m.
Open VM Tools vulnerabilities
2023-12-0600:00:00
ubuntu.com
25
ubuntu 18.04 esm
ubuntu 16.04 esm
open vm tools
saml tokens
file descriptors
privilege elevation
hijack
guest operations
Releases
- Ubuntu 18.04 ESM
- Ubuntu 16.04 ESM
Packages
- open-vm-tools - Open VMware Tools for virtual machines hosted on VMware
Details
USN-6463-1 fixed vulnerabilities in Open VM Tools. This update provides
the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
Original advisory details:
It was discovered that Open VM Tools incorrectly handled SAML tokens. A
remote attacker with Guest Operations privileges could possibly use this
issue to elevate their privileges. (CVE-2023-34058)
Matthias Gerstner discovered that Open VM Tools incorrectly handled file
descriptors when dropping privileges. A local attacker could possibly use
this issue to hijack /dev/uinput and simulate user inputs. (CVE-2023-34059)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 18.04 | noarch | open-vm-tools | < 2:11.0.5-4ubuntu0.18.04.3+esm3 | UNKNOWN |
| Ubuntu | 18.04 | noarch | open-vm-tools | < 2:11.0.5-4ubuntu0.18.04.3 | UNKNOWN |
| Ubuntu | 18.04 | noarch | open-vm-tools-dbgsym | < 2:11.0.5-4ubuntu0.18.04.3 | UNKNOWN |
| Ubuntu | 18.04 | noarch | open-vm-tools-desktop | < 2:11.0.5-4ubuntu0.18.04.3 | UNKNOWN |
| Ubuntu | 18.04 | noarch | open-vm-tools-desktop-dbgsym | < 2:11.0.5-4ubuntu0.18.04.3 | UNKNOWN |
| Ubuntu | 18.04 | noarch | open-vm-tools-dev | < 2:11.0.5-4ubuntu0.18.04.3 | UNKNOWN |
| Ubuntu | 18.04 | noarch | open-vm-tools-desktop | < 2:11.0.5-4ubuntu0.18.04.3+esm3 | UNKNOWN |
| Ubuntu | 16.04 | noarch | open-vm-tools | < 2:10.2.0-3~ubuntu0.16.04.1+esm4 | UNKNOWN |
| Ubuntu | 16.04 | noarch | open-vm-tools | < 2:10.2.0-3~ubuntu0.16.04.1 | UNKNOWN |
| Ubuntu | 16.04 | noarch | open-vm-tools-dbgsym | < 2:10.2.0-3~ubuntu0.16.04.1 | UNKNOWN |
Related
nessus
nessus
RHEL 9 : open-vm-tools (RHSA-2023:7267)
2023-11-15 00:00:00
Debian DSA-5543-1 : open-vm-tools - security update
2023-11-01 00:00:00
Debian DLA-3646-1 : open-vm-tools - LTS security update
2023-11-06 00:00:00
ubuntu
ubuntu
Open VM Tools vulnerabilities
2023-10-31 00:00:00
redhat
redhat
(RHSA-2023:7263) Important: open-vm-tools security update
2023-11-15 17:58:52
(RHSA-2023:7261) Important: open-vm-tools security update
2023-11-15 17:53:56
(RHSA-2023:7264) Important: open-vm-tools security update
2023-11-15 17:59:38
osv
osv
open-vm-tools vulnerabilities
2023-12-06 09:43:32
Important: open-vm-tools security update
2023-11-15 00:00:00
open-vm-tools vulnerabilities
2023-10-31 14:47:07
openvas
openvas
Fedora: Security Advisory for open-vm-tools (FEDORA-2023-86a50ffc72)
2023-11-08 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:4228-1)
2023-10-30 00:00:00
Ubuntu: Security Advisory (USN-6463-2)
2023-12-07 00:00:00
oraclelinux
oraclelinux
open-vm-tools security update
2023-11-16 00:00:00
open-vm-tools security update
2023-11-21 00:00:00
open-vm-tools security update
2023-11-16 00:00:00
centos
centos
open security update
2024-01-12 19:15:38
fedora
fedora
[SECURITY] Fedora 38 Update: open-vm-tools-12.3.0-3.fc38
2023-11-08 01:40:15
[SECURITY] Fedora 39 Update: open-vm-tools-12.3.0-3.fc39
2023-11-08 01:27:44
[SECURITY] Fedora 37 Update: open-vm-tools-12.3.0-3.fc37
2023-11-08 01:21:13
freebsd
freebsd
open-vm-tools -- Multiple vulnerabilities
2023-10-26 00:00:00
almalinux
almalinux
Important: open-vm-tools security update
2023-11-15 00:00:00
Important: open-vm-tools security update
2023-11-15 00:00:00
rocky
rocky
open-vm-tools security update
2023-11-28 22:43:02
amazon
amazon
Important: open-vm-tools
2023-10-30 23:59:00
debian
debian
[SECURITY] [DLA 3646-1] open-vm-tools security update
2023-11-05 22:18:29
[SECURITY] [DSA 5543-1] open-vm-tools security update
2023-10-31 19:29:14
photon
photon
Important Photon OS Security Update - PHSA-2023-4.0-0499
2023-10-27 00:00:00
Important Photon OS Security Update - PHSA-2023-5.0-0127
2023-10-27 00:00:00
Important Photon OS Security Update - PHSA-2023-3.0-0675
2023-10-27 00:00:00
mageia
mageia
Updated open-vm-tools packages fix security vulnerabilities
2024-03-14 20:25:59
cvelist
cvelist
CVE-2023-34058
2023-10-27 04:53:09
CVE-2023-34059
2023-10-27 04:53:31
cbl_mariner
cbl_mariner
prion
prion
Design/Logic Flaw
2023-10-27 05:15:00
Security feature bypass
2023-10-27 05:15:00
debiancve
debiancve
CVE-2023-34059
2023-10-27 05:15:39
CVE-2023-34058
2023-10-27 05:15:38
cve
cve
CVE-2023-34059
2023-10-27 05:15:39
CVE-2023-34058
2023-10-27 05:15:38
redhatcve
redhatcve
CVE-2023-34058
2023-10-30 13:43:11
CVE-2023-34059
2023-10-30 13:43:17
veracode
veracode
SAML Token Signature Bypass
2023-10-29 13:19:59
Privilege Escalation
2023-10-29 13:25:45
ubuntucve
ubuntucve
CVE-2023-34058
2023-10-26 00:00:00
CVE-2023-34059
2023-10-26 00:00:00
f5
f5
K000138114 : open-vm-tools vulnerability CVE-2023-34058
2024-01-02 00:00:00
ibm
ibm
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
2024-01-17 10:00:35
