Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 918407 (CVE-2023-20900, CVE-2023-34058, CVE-2023-34059, VMSA-2023-0019, VMSA-2023-0024) - <app-emulation/open-vm-tools-12.3.5: multiple vulnerabilities
Summary: <app-emulation/open-vm-tools-12.3.5: multiple vulnerabilities
Status: IN_PROGRESS
Alias: CVE-2023-20900, CVE-2023-34058, CVE-2023-34059, VMSA-2023-0019, VMSA-2023-0024
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: B2 [glsa?]
Keywords:
Depends on:
Blocks:
 
Reported: 2023-11-24 16:46 UTC by John Helmert III
Modified: 2024-11-03 17:39 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-11-24 16:46:58 UTC 
CVE-2023-20900 (https://www.vmware.com/security/advisories/VMSA-2023-0019.html):

A malicious actor that has been granted  Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html  in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged  Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .

CVE-2023-34058 (https://www.vmware.com/security/advisories/VMSA-2023-0024.html):

VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted  Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html  in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged  Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .

CVE-2023-34059 (https://www.vmware.com/security/advisories/VMSA-2023-0024.html):

open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the 
/dev/uinput file descriptor allowing them to simulate user inputs.

Matthias Gerstner notes that CVE-2023-34059 doesn't seem to be
fixed. Looking closer, it doesn't *seem* like CVE-2023-34058 is fixed
in 12.3.0 either, but rather in 12.3.5? At least the commits only seem
to appear in history just before the 12.3.5 release:

https://github.com/vmware/open-vm-tools/commits/stable-12.3.x
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-11-26 19:23:05 UTC 
CVE-2023-20900 is fixed in 12.3.0 and 12.3.5, patch is in as 74b6d0d9000eda1a2c8f31c40c725fb0b8520b16.
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-11-26 19:24:46 UTC 
CVE-2023-34058 seems to be fixed in 1bfe23d728b74e08f4f65cd9b0093ca73937003a, which is in 12.3.5.
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-11-26 19:43:29 UTC 
CVE-2023-34059 seemingly has its patch in 12.3.5 too: https://github.com/vmware/open-vm-tools/commit/63f7c79c4aecb14d37cc4ce9da509419e31d394f

Asking for more info from Matthias on oss-security.
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2024-11-03 17:39:14 UTC 
Yes, it seems I misunderstood him and that these are fixed.