CVE-2009-1143
published 2022-11-23CVE-2009-1143: An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended access restrictions on mounting shares via a symlink attack that…
high7CVSS 3.1
AVLACHPRLUINSUCHIHAH
An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended access restrictions on mounting shares via a symlink attack that leverages a realpath race condition in mount.vmhgfs (aka hgfsmounter).
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | open-vm-tools | < open-vm-tools 2:12.0.0-1 (bookworm) | open-vm-tools 2:12.0.0-1 (bookworm) |
| vmware | open-vm-tools | — | — |
| vmware | open-vm-tools | >= 0 < 2:12.0.0-1 | 2:12.0.0-1 |
| vmware | open-vm-tools | >= 0 < 2:12.0.0-1 | 2:12.0.0-1 |
| vmware | open-vm-tools | >= 0 < 2:12.0.0-1 | 2:12.0.0-1 |
CVSS provenance
nvdv3.17.0HIGHCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
osv7.0HIGH