Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2023:5313

Опубликовано: 26 сент. 2023
Источник: rocky
Оценка: Important

Описание

Important: open-vm-tools security update

The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines.

Security Fix(es):

  • open-vm-tools: SAML token signature bypass (CVE-2023-20900)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 9

НаименованиеАрхитектураРелизRPM
open-vm-toolsx86_641.el9_2.3open-vm-tools-12.1.5-1.el9_2.3.x86_64.rpm
open-vm-tools-desktopx86_641.el9_2.3open-vm-tools-desktop-12.1.5-1.el9_2.3.x86_64.rpm
open-vm-tools-salt-minionx86_641.el9_2.3open-vm-tools-salt-minion-12.1.5-1.el9_2.3.x86_64.rpm
open-vm-tools-sdmpx86_641.el9_2.3open-vm-tools-sdmp-12.1.5-1.el9_2.3.x86_64.rpm
open-vm-tools-testx86_641.el9_2.3open-vm-tools-test-12.1.5-1.el9_2.3.x86_64.rpm

Показывать по

Связанные CVE

CVE-2023-20900

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2023-20900

CVSS3: 7.1
ubuntu
почти 2 года назад

A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .

redhat логотип

CVE-2023-20900

CVSS3: 7.1
redhat
почти 2 года назад

A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html  in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .

nvd логотип

CVE-2023-20900

CVSS3: 7.1
nvd
почти 2 года назад

A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html  in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .

debian логотип

CVE-2023-20900

CVSS3: 7.1
debian
почти 2 года назад

A malicious actor that has been granted Guest Operation Privileges ht ...

suse-cvrf логотип

SUSE-SU-2023:3835-1

suse-cvrf
больше 1 года назад

Securitys update for open-vm-tools