'[oss-security] [CVE-2015-5191] local privilege escalation in Open VMware Tools'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] [CVE-2015-5191] local privilege escalation in Open VMware Tools
From:       VMware Security Response Center <security () vmware ! com>
Date:       2017-07-24 20:20:40
Message-ID: A047823A-119C-4C8E-A41E-313270E085BA () vmware ! com
[Download RAW message or body]

[Attachment #2 (text/plain)]

Open VMware Tools (CVE-2015-5191) contains multiple file system races in libDeployPkg, related \
to the use of hard-coded paths under /tmp. Successful exploitation may result in a local \
privilege escalation. The impact of this vulnerability is low for distributions which have \
enabled PrivateTmp for the affected service. Fixes/References
--------------
9.10.x – https://github.com/vmware/open-vm-tools/commit/c1304ce8bfd9c0c33999e496bf7049d5c3d45821
 10.0.x - https://github.com/vmware/open-vm-tools/commit/b3068b04880eda4ca3e13f2d34fb8ce336ad1a4f
 10.1.x - https://github.com/vmware/open-vm-tools/commit/22e58289f71232310d30cf162b83b5151a937bac
 We would like to thank Florian Weimer and Kurt Seifried of Red Hat Product Security for \
reporting this issue to us.

--------------
Edward Hawkins
Senior Program Manager, Security Response
security@vmware.com



[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic