CVE-2009-1142

CWE-596 documents6 sources
Severity
6.7MEDIUM
EPSS
0.1%
top 83.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Vmware Open VM Tools
Timeline
PublishedNov 23

Description

An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can gain privileges via a symlink attack on /tmp files if vmware-user-suid-wrapper is setuid root and the ChmodChownDirectory function is enabled.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

NVDvmware/open_vm_tools2009.03.18-154848
Debianopen-vm-tools< 2:8.4.2+2011.08.21-471295-1+3

🔴Vulnerability Details

3
CVEList
CVE-2009-1142: An issue was discovered in open-vm-tools 20092022-11-23
OSV
CVE-2009-1142: An issue was discovered in open-vm-tools 20092022-11-23
GHSA
GHSA-gpcm-h3wc-3765: An issue was discovered in open-vm-tools 20092022-11-23

📋Vendor Advisories

2
Red Hat
open-vm-tools: privilege escalation if vmware-user-suid-wrapper is setuid root and the ChmodChownDirectory function is enabled2022-11-23
Debian
CVE-2009-1142: open-vm-tools - An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can gain...2009
CVE-2009-1142 (MEDIUM CVSS 6.7) | An issue was discovered in open-vm- | cvebase.io