CVE-2023-34059

Published: 27/10/2023 Updated: 27/11/2023
CVSS v3 Base Score: 7 | Impact Score: 5.9 | Exploitability Score: 1
VMScore: 0

Vulnerability Summary

open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs.

Vulnerable Product

vmware open vm tools

debian debian linux 10.0

debian debian linux 11.0

debian debian linux 12.0

Vendor Advisories

Debian Bug report logs - #1054666 open-vm-tools: CVE-2023-34059 CVE-2023-34058 Package: src:open-vm-tools; Maintainer for src:open-vm-tools is Bernd Zeimetz <bzed@debianorg>; Reported by: Moritz Mühlenhoff <jmm@inutilorg> Date: Fri, 27 Oct 2023 16:21:01 UTC Severity: grave Tags: security, upstream Found in versio ...
Two security issues have been discovered in the Open VMware Tools, which could result in privilege escalation. For the oldstable distribution (bullseye), these problems have been fixed in version 2:1125-2+deb11u3. For the stable distribution (bookworm), these problems have been fixed in version 2:1220-1+deb12u2. We recommend that you upgrade yo ...
Synopsis: Important: open-vm-tools security update. Type/Severity: Security Advisory: Important. Topic: An update for open-vm-tools is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update ...
Synopsis: Important: open-vm-tools security update. Type/Severity: Security Advisory: Important. Topic: An update for open-vm-tools is now available for Red Hat Enterprise Linux 88 Extended Update Support. Red Hat Product Secur ...
Synopsis: Important: open-vm-tools security update. Type/Severity: Security Advisory: Important. Topic: An update for open-vm-tools is now available for Red Hat Enterprise Linux 92 Extended Update Support. Red Hat Product Secur ...
Synopsis: Important: open-vm-tools security update. Type/Severity: Security Advisory: Important. Topic: An update for open-vm-tools is now available for Red Hat Enterprise Linux 90 Extended Update Support. Red Hat Product Secur ...
Synopsis: Important: open-vm-tools security update. Type/Severity: Security Advisory: Important. Topic: An update for open-vm-tools is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update ...
Synopsis: Important: open-vm-tools security update. Type/Severity: Security Advisory: Important. Topic: An update for open-vm-tools is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update ...
VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges (docsvmwarecom/en/VMware-vSphere/80/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EChtml) in a target virtual machine may be able to elevate their privileges if that target virtual machine has be ...
PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS ...

Mailing Lists

Hi, On Sun, Nov 26, 2023 at 11:38:50AM -0800, John Helmert III wrote: There seems to be a misunderstanding here. It seems I phrased that not properly. I did not mean to say that the issue is unfixed. As the initial email from VMware states there is a patch and bugfix release available. What I wanted to express is that all versions of open-vm-to ...
On Fri, Oct 27, 2023 at 11:57:46AM +0200, Matthias Gerstner wrote: Hm, it looks like there *was* a commit to vmware-user-suid-wrapper that looks very similar to the patch that was linked in the original advisory mail: githubcom/vmware/open-vm-tools/commit/63f7c79c4aecb14d37cc4ce9da509419e31d394f Was that fix insufficient, or maybe wasn ...