Ubuntu Security Notice 6365-2 - USN-6365-1 fixed a vulnerability in Open VM Tools. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that Open VM Tools incorrectly handled SAML tokens. A remote attacker could possibly use this issue to bypass SAML token signature verification and perform VMware Tools Guest Operations.
e021010be0de73a4f28b80b4129ed427ea5f99b587b311842f8a521eb0fe74f4==========================================================================
Ubuntu Security Notice USN-6365-2
September 25, 2023
open-vm-tools vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
Summary:
Open VM Tools could allow unintended access to network services.
Software Description:
- open-vm-tools: Open VMware Tools for virtual machines hosted on VMware
Details:
USN-6365-1 fixed a vulnerability in Open VM Tools. This update provides
the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
Original advisory details:
It was discovered that Open VM Tools incorrectly handled SAML tokens. A
remote attacker could possibly use this issue to bypass SAML token
signature verification and perform VMware Tools Guest Operations.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS (Available with Ubuntu Pro):
open-vm-tools 2:11.0.5-4ubuntu0.18.04.3+esm2
Ubuntu 16.04 LTS (Available with Ubuntu Pro):
open-vm-tools 2:10.2.0-3~ubuntu0.16.04.1+esm3
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6365-2
https://ubuntu.com/security/notices/USN-6365-1
CVE-2023-20900
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed