ALT Linux Team

Branch c10f1 update on 2023-09-16

2023-09-16

ALT-BU-2023-5678-2

Branch c10f1 update bulletin.

ALT-PU-2023-5642-4

Package open-vm-tools updated to version 12.3.0-alt1 for branch c10f1 in task 329577.

Closed vulnerabilities

Published: 2023-06-13

BDU:2023-03162

Уязвимость модуля vgauth компонента VMware Tools гипервизора VMware ESXi, позволяющая нарушителю оказать влияние на конфиденциальность и целостность защищаемой информации

References:
Published: 2023-08-31

BDU:2023-05064

Уязвимость набора утилит VMware Tools, связанная с возможностью обхода подписи SAML-токена, позволяющая нарушителю повысить свои привилегии

Severity: HIGH (7.5) Vector: AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2009-03-19

BDU:2024-09868

Уязвимость компонента mount.vmhgfs набора модулей для продуктов VMware Open-vm-tools, связанная с неверным определением символических ссылок перед доступом к файлу, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Severity: HIGH (7.0) Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2022-11-23
Modified: 2024-11-21

CVE-2009-1143

An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended access restrictions on mounting shares via a symlink attack that leverages a realpath race condition in mount.vmhgfs (aka hgfsmounter).

Severity: HIGH (7.0) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2011-04-10
Modified: 2024-11-21

CVE-2011-1681

vmware-hgfsmounter in VMware Open Virtual Machine Tools (aka open-vm-tools) 8.4.2-261024 and earlier attempts to append to the /etc/mtab file without first checking whether resource limits would interfere, which allows local users to trigger corruption of this file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.

Severity: LOW (3.3)
References:
Published: 2022-11-30
Modified: 2024-11-21

CVE-2021-31693

The 10Web Photo Gallery plugin through 1.5.68 for WordPress allows XSS via album_gallery_id_0, bwg_album_search_0, and type_0 for bwg_frontend_data. NOTE: other parameters are covered by CVE-2021-24291, CVE-2021-25041, and CVE-2021-46889. NOTE: VMware information, previously connected to this CVE ID because of a typo, is at CVE-2022-31693.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
References:
Published: 2023-06-13
Modified: 2025-03-08

CVE-2023-20867

A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.

References:
Published: 2023-08-31
Modified: 2024-11-21

CVE-2023-20900

A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html  in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
References:

Closed bugs

Bug #35890

Миграция на /run и /run/lock

VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top