CVE-2009-1143 — Link Following in Vmware Open-vm-tools

CWE-59 — Link Following6 documents6 sources

Severity

7.0HIGHNVD

EPSS

0.1%

top 75.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Open-vm-tools

Timeline

PublishedNov 23

Description

An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended access restrictions on mounting shares via a symlink attack that leverages a realpath race condition in mount.vmhgfs (aka hgfsmounter).

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages2 packages

▶Debianvmware/open-vm-tools< 2:12.0.0-1+2

▶NVDvmware/open-vm-tools2009.03.18-154848

Patches

Patch: bugs.gentoo.org ↗Patch: bugs.gentoo.org ↗

🔴Vulnerability Details

OSV

CVE-2009-1143: An issue was discovered in open-vm-tools 2009↗2022-11-23

▶

CVEList

CVE-2009-1143: An issue was discovered in open-vm-tools 2009↗2022-11-23

▶

GHSA

GHSA-29j9-2p84-4f27: An issue was discovered in open-vm-tools 2009↗2022-11-23

▶

📋Vendor Advisories

Red Hat

open-vm-tools: access bypass due to realpath race condition in mount.vmhgfs (aka hgfsmounter)↗2022-11-23

▶

Debian

CVE-2009-1143: open-vm-tools - An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypa...↗2009

▶