An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended access restrictions on mounting shares via a symlink attack that leverages a realpath race condition in mount.vmhgfs (aka hgfsmounter).
References
Link | Resource |
---|---|
https://bugs.gentoo.org/264577 | Issue Tracking Patch Third Party Advisory |
https://github.com/vmware/open-vm-tools/releases/tag/2009.03.18-154848 | Release Notes Third Party Advisory |
https://bugs.gentoo.org/264577 | Issue Tracking Patch Third Party Advisory |
https://github.com/vmware/open-vm-tools/releases/tag/2009.03.18-154848 | Release Notes Third Party Advisory |
Configurations
History
21 Nov 2024, 01:01
Type | Values Removed | Values Added |
---|---|---|
References | () https://bugs.gentoo.org/264577 - Issue Tracking, Patch, Third Party Advisory | |
References | () https://github.com/vmware/open-vm-tools/releases/tag/2009.03.18-154848 - Release Notes, Third Party Advisory |
28 Nov 2022, 18:22
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.0 |
References | (MISC) https://github.com/vmware/open-vm-tools/releases/tag/2009.03.18-154848 - Release Notes, Third Party Advisory | |
References | (MISC) https://bugs.gentoo.org/264577 - Issue Tracking, Patch, Third Party Advisory | |
CWE | CWE-59 | |
CPE | cpe:2.3:a:vmware:open-vm-tools:2009.03.18-154848:*:*:*:*:*:*:* |
23 Nov 2022, 18:32
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-11-23 18:15
Updated : 2024-11-21 01:01
NVD link : CVE-2009-1143
Mitre link : CVE-2009-1143
CVE.ORG link : CVE-2009-1143
JSON object : View
Products Affected
vmware
- open-vm-tools
CWE
CWE-59
Improper Link Resolution Before File Access ('Link Following')