CVE-2009-1143

An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended access restrictions on mounting shares via a symlink attack that leverages a realpath race condition in mount.vmhgfs (aka hgfsmounter).

CVSS v3 7.0 HIGH

7.0^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.0 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://bugs.gentoo.org/264577	Issue Tracking Patch Third Party Advisory
https://github.com/vmware/open-vm-tools/releases/tag/2009.03.18-154848	Release Notes Third Party Advisory
https://bugs.gentoo.org/264577	Issue Tracking Patch Third Party Advisory
https://github.com/vmware/open-vm-tools/releases/tag/2009.03.18-154848	Release Notes Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:vmware:open-vm-tools:2009.03.18-154848:*:*:*:*:*:*:*

History

21 Nov 2024, 01:01

Type	Values Removed	Values Added
References	~~() https://bugs.gentoo.org/264577 - Issue Tracking, Patch, Third Party Advisory~~	() https://bugs.gentoo.org/264577 - Issue Tracking, Patch, Third Party Advisory
References	~~() https://github.com/vmware/open-vm-tools/releases/tag/2009.03.18-154848 - Release Notes, Third Party Advisory~~	() https://github.com/vmware/open-vm-tools/releases/tag/2009.03.18-154848 - Release Notes, Third Party Advisory

28 Nov 2022, 18:22

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.0
References	~~(MISC) https://github.com/vmware/open-vm-tools/releases/tag/2009.03.18-154848 -~~	(MISC) https://github.com/vmware/open-vm-tools/releases/tag/2009.03.18-154848 - Release Notes, Third Party Advisory
References	~~(MISC) https://bugs.gentoo.org/264577 -~~	(MISC) https://bugs.gentoo.org/264577 - Issue Tracking, Patch, Third Party Advisory
CWE		CWE-59
CPE		cpe:2.3:a:vmware:open-vm-tools:2009.03.18-154848:::::::*

23 Nov 2022, 18:32

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-11-23 18:15

Updated : 2025-04-25 21:15

NVD link : CVE-2009-1143

Mitre link : CVE-2009-1143

CVE.ORG link : CVE-2009-1143

JSON object : View

Products Affected

vmware

open-vm-tools

CWE

CWE-59

Improper Link Resolution Before File Access ('Link Following')

{"id": "CVE-2009-1143", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.0, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.0}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.0, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.0}]}, "published": "2022-11-23T18:15:10.823", "references": [{"url": "https://bugs.gentoo.org/264577", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/vmware/open-vm-tools/releases/tag/2009.03.18-154848", "tags": ["Release Notes", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://bugs.gentoo.org/264577", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/vmware/open-vm-tools/releases/tag/2009.03.18-154848", "tags": ["Release Notes", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-59"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-59"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended access restrictions on mounting shares via a symlink attack that leverages a realpath race condition in mount.vmhgfs (aka hgfsmounter)."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en open-vm-tools 2009.03.18-154848. Los usuarios locales pueden hacer una omisi\u00f3n sobre las restricciones de acceso previstas para el montaje de recursos compartidos mediante un ataque de symlink que aprovecha una condici\u00f3n ejecuci\u00f3n de realpath en mount.vmhgfs (tambi\u00e9n conocido como hgfsmounter)."}], "lastModified": "2025-04-25T21:15:16.847", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vmware:open-vm-tools:2009.03.18-154848:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C6F6BD47-6036-42F3-AA0A-659F2D9F88CE"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}