Ubuntu Security Notice USN-6463-1

Ubuntu Security Notice USN-6463-1: Posted Nov 13, 2023; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6463-1 - It was discovered that Open VM Tools incorrectly handled SAML tokens. A remote attacker Guest Operations privileges could possibly use this issue to escalate privileges. Matthias Gerstner discovered that Open VM Tools incorrectly handled file descriptors when dropping privileges. A local attacker could possibly use this issue to hijack /dev/uinput and simulate user inputs.; tags | advisory, remote, local; systems | linux, ubuntu; advisories | CVE-2023-34058, CVE-2023-34059; SHA-256 | a4da15fc219bf81c75561d0fc1ba953d4a02dafa38a0ac2d8968573aed6c9a0c; Download | Favorite | View

Ubuntu Security Notice USN-6463-1

==========================================================================
Ubuntu Security Notice USN-6463-1
October 31, 2023

open-vm-tools vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in Open VM Tools.

Software Description:
- open-vm-tools: Open VMware Tools for virtual machines hosted on VMware

Details:

It was discovered that Open VM Tools incorrectly handled SAML tokens. A
remote attacker Guest Operations privileges could possibly use this issue
to escalate privileges. (CVE-2023-34058)

Matthias Gerstner discovered that Open VM Tools incorrectly handled file
descriptors when dropping privileges. A local attacker could possibly use
this issue to hijack /dev/uinput and simulate user inputs. (CVE-2023-34059)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
   open-vm-tools                   2:12.3.0-1ubuntu0.1
   open-vm-tools-desktop           2:12.3.0-1ubuntu0.1

Ubuntu 23.04:
   open-vm-tools                   2:12.1.5-3ubuntu0.23.04.3
   open-vm-tools-desktop           2:12.1.5-3ubuntu0.23.04.3

Ubuntu 22.04 LTS:
   open-vm-tools                   2:12.1.5-3~ubuntu0.22.04.4
   open-vm-tools-desktop           2:12.1.5-3~ubuntu0.22.04.4

Ubuntu 20.04 LTS:
   open-vm-tools                   2:11.3.0-2ubuntu0~ubuntu20.04.7
   open-vm-tools-desktop           2:11.3.0-2ubuntu0~ubuntu20.04.7

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-6463-1
   CVE-2023-34058, CVE-2023-34059

Package Information:
   https://launchpad.net/ubuntu/+source/open-vm-tools/2:12.3.0-1ubuntu0.1
   https://launchpad.net/ubuntu/+source/open-vm-tools/2:12.1.5-3ubuntu0.23.04.3
   https://launchpad.net/ubuntu/+source/open-vm-tools/2:12.1.5-3~ubuntu0.22.04.4
 
https://launchpad.net/ubuntu/+source/open-vm-tools/2:11.3.0-2ubuntu0~ubuntu20.04.7

Top Authors In Last 30 Days

Red Hat 260 files
Ubuntu 90 files
indoushka 64 files
Jasper Nota 25 files
Gentoo 19 files
Willem Westerhof 19 files
Debian 15 files
Jim Blankendaal 11 files
Martijn Baalman 9 files
Apple 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,090)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,547)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,646)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,459)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,729)
UNIX (9,433)
UnixWare (187)
Windows (6,670)
Other

Ubuntu Security Notice USN-6463-1

Ubuntu Security Notice USN-6463-1

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Ubuntu Security Notice USN-6463-1

Share This

Ubuntu Security Notice USN-6463-1

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems