Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 24 Jul 2017 20:20:40 +0000
From: VMware Security Response Center <security@...are.com>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: [CVE-2015-5191] local privilege escalation in Open VMware Tools

Open VMware Tools (CVE-2015-5191) contains multiple file system races in libDeployPkg, related to the use of hard-coded paths under /tmp.
Successful exploitation may result in a local privilege escalation. The impact of this vulnerability is low for distributions which have enabled PrivateTmp for the affected service.
Fixes/References
--------------
9.10.x – https://github.com/vmware/open-vm-tools/commit/c1304ce8bfd9c0c33999e496bf7049d5c3d45821
10.0.x - https://github.com/vmware/open-vm-tools/commit/b3068b04880eda4ca3e13f2d34fb8ce336ad1a4f
10.1.x - https://github.com/vmware/open-vm-tools/commit/22e58289f71232310d30cf162b83b5151a937bac
We would like to thank Florian Weimer and Kurt Seifried of Red Hat Product Security for reporting this issue to us.

--------------
Edward Hawkins
Senior Program Manager, Security Response
security@...are.com

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ