PT-2023-8895 · Vmware+10 · Open-Vm-Tools+10

Matthias Gerstner

·

Publicado

2023-10-26

·

Atualizado

2025-08-24

·

CVE-2023-34059

CVSS v3.1

7.4

Alta

VetorAV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions open-vm-tools (affected versions not specified)
Description The issue is related to a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor, allowing them to simulate user inputs. This could potentially enable the attacker to bypass existing security restrictions.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Incorrect Privilege Assignment

Improper Resource Release

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-266CWE-404

Identificadores relacionados

ALSA-2023:7265
ALSA-2023:7277
ALT-PU-2023-6667
ALT-PU-2024-1233
ALT-PU-2024-1863
ALT-PU-2024-3160
AZL-31733
BDU:2024-02571
CESA-2023_7265
CESA-2023_7279
CVE-2023-34059
DLA-3646-1
DSA-5543-1
MGASA-2024-0058
OESA-2023-1831
OESA-2023-1832
OESA-2023-1833
OPENSUSE-SU-2023_4227-1
OPENSUSE-SU-2024:13374-1
RHSA-2023:7260
RHSA-2023:7261
RHSA-2023:7262
RHSA-2023:7263
RHSA-2023:7264
RHSA-2023:7265
RHSA-2023:7267
RHSA-2023:7276
RHSA-2023:7277
RHSA-2023:7279
RHSA-2023_7265
RHSA-2023_7277
RHSA-2023_7279
RLSA-2023:7265
SUSE-SU-2023:4227-1
SUSE-SU-2023:4228-1
SUSE-SU-2023:4229-1
SUSE-SU-2023:4230-1
USN-6463-1
USN-6463-2
USN-7714-1

Produtos afetados

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu
Open-Vm-Tools