Date: Mon, 24 Jul 2017 20:20:40 +0000 From: VMware Security Response Center <security@...are.com> To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com> Subject: [CVE-2015-5191] local privilege escalation in Open VMware Tools Open VMware Tools (CVE-2015-5191) contains multiple file system races in libDeployPkg, related to the use of hard-coded paths under /tmp. Successful exploitation may result in a local privilege escalation. The impact of this vulnerability is low for distributions which have enabled PrivateTmp for the affected service. Fixes/References -------------- 9.10.x – https://github.com/vmware/open-vm-tools/commit/c1304ce8bfd9c0c33999e496bf7049d5c3d45821 10.0.x - https://github.com/vmware/open-vm-tools/commit/b3068b04880eda4ca3e13f2d34fb8ce336ad1a4f 10.1.x - https://github.com/vmware/open-vm-tools/commit/22e58289f71232310d30cf162b83b5151a937bac We would like to thank Florian Weimer and Kurt Seifried of Red Hat Product Security for reporting this issue to us. -------------- Edward Hawkins Senior Program Manager, Security Response security@...are.com
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ