what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 13 of 13 RSS Feed

CVE-2023-34058

Status Candidate

Overview

VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .

Related Files

Ubuntu Security Notice USN-6463-2
Posted Dec 7, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6463-2 - USN-6463-1 fixed vulnerabilities in Open VM Tools. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that Open VM Tools incorrectly handled SAML tokens. A remote attacker with Guest Operations privileges could possibly use this issue to elevate their privileges.

tags | advisory, remote, vulnerability
systems | linux, ubuntu
advisories | CVE-2023-34058, CVE-2023-34059
SHA-256 | 539ac70bca3ea1e9964c520e718612b18a18216724e5f7d39c2a37c57be262c1
Download | Favorite | View
Red Hat Security Advisory 2023-7279-01
Posted Nov 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-7279-01 - An update for open-vm-tools is now available for Red Hat Enterprise Linux 7. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2023-34058
SHA-256 | da34b392f21ddc5c3a2fbcb5980323d33087e5049057a3875f73b5b39ae4c94e
Download | Favorite | View
Red Hat Security Advisory 2023-7277-01
Posted Nov 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-7277-01 - An update for open-vm-tools is now available for Red Hat Enterprise Linux 9. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2023-34058
SHA-256 | b0595cfceeea9f89f3ffb587e306325885a9e84a54f9b4cf23bbc1eee654a984
Download | Favorite | View
Red Hat Security Advisory 2023-7276-01
Posted Nov 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-7276-01 - An update for open-vm-tools is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2023-34058
SHA-256 | 3e043a716159ba7babd8f964624ea637f6973e59de25e2754fa42e1b19fc3b48
Download | Favorite | View
Red Hat Security Advisory 2023-7267-01
Posted Nov 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-7267-01 - An update for open-vm-tools is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2023-34058
SHA-256 | 90c5f3f938c968ef309095c886bc77b5eec17b3423b9e3126798a7e22c5c9856
Download | Favorite | View
Red Hat Security Advisory 2023-7265-01
Posted Nov 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-7265-01 - An update for open-vm-tools is now available for Red Hat Enterprise Linux 8. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2023-34058
SHA-256 | 022d91ffb803b3587ffb3c8bf03ce12b2f25f95800a3a22f497aa34c9e6084c7
Download | Favorite | View
Red Hat Security Advisory 2023-7264-01
Posted Nov 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-7264-01 - An update for open-vm-tools is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2023-34058
SHA-256 | 0b8ff8dbe1ab4f5a291a3ea59de07c27df9be81b969cbf18ae97bb957d2b0303
Download | Favorite | View
Red Hat Security Advisory 2023-7263-01
Posted Nov 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-7263-01 - An update for open-vm-tools is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2023-34058
SHA-256 | 4fc05fd11d21bd2153b7193d535d21a85b18b053ae6115f8660866436062f83d
Download | Favorite | View
Red Hat Security Advisory 2023-7262-01
Posted Nov 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-7262-01 - An update for open-vm-tools is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2023-34058
SHA-256 | 0555f9fe32a7d54d53cfe67af681b71f934fda400ad7e1d91110f094f409d8e0
Download | Favorite | View
Red Hat Security Advisory 2023-7261-01
Posted Nov 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-7261-01 - An update for open-vm-tools is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2023-34058
SHA-256 | bdf4447b4efd5206608a7d9654499e18b06979b5c8e299d27bc6725d90e49de7
Download | Favorite | View
Red Hat Security Advisory 2023-7260-01
Posted Nov 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-7260-01 - An update for open-vm-tools is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2023-34058
SHA-256 | 5c4d122d6ddeedef447e1cdbd42709ef9bd673bc5f9cdfe0226d1a6b0c08179a
Download | Favorite | View
Debian Security Advisory 5543-1
Posted Nov 13, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5543-1 - Two security issues have been discovered in the Open VMware Tools, which could result in privilege escalation.

tags | advisory
systems | linux, debian
advisories | CVE-2023-34058, CVE-2023-34059
SHA-256 | c7cd6edc99b5ce7844173fe4d604a48697cb21e1fdd4652f16343b8de2a04955
Download | Favorite | View
Ubuntu Security Notice USN-6463-1
Posted Nov 13, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6463-1 - It was discovered that Open VM Tools incorrectly handled SAML tokens. A remote attacker Guest Operations privileges could possibly use this issue to escalate privileges. Matthias Gerstner discovered that Open VM Tools incorrectly handled file descriptors when dropping privileges. A local attacker could possibly use this issue to hijack /dev/uinput and simulate user inputs.

tags | advisory, remote, local
systems | linux, ubuntu
advisories | CVE-2023-34058, CVE-2023-34059
SHA-256 | a4da15fc219bf81c75561d0fc1ba953d4a02dafa38a0ac2d8968573aed6c9a0c
Download | Favorite | View
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close