{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2009-1143", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2022-11-23T00:00:00", "dateReserved": "2009-03-25T00:00:00", "datePublished": "2022-11-23T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2022-11-23T00:00:00"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended access restrictions on mounting shares via a symlink attack that leverages a realpath race condition in mount.vmhgfs (aka hgfsmounter)."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://bugs.gentoo.org/264577"}, {"url": "https://github.com/vmware/open-vm-tools/releases/tag/2009.03.18-154848"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:open-vm-tools:2009.03.18-154848:*:*:*:*:*:*:*", "matchCriteriaId": "C6F6BD47-6036-42F3-AA0A-659F2D9F88CE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended access restrictions on mounting shares via a symlink attack that leverages a realpath race condition in mount.vmhgfs (aka hgfsmounter)."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en open-vm-tools 2009.03.18-154848. Los usuarios locales pueden hacer una omisi\u00f3n sobre las restricciones de acceso previstas para el montaje de recursos compartidos mediante un ataque de symlink que aprovecha una condici\u00f3n ejecuci\u00f3n de realpath en mount.vmhgfs (tambi\u00e9n conocido como hgfsmounter)."}], "id": "CVE-2009-1143", "lastModified": "2022-11-28T18:22:37.033", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-23T18:15:10.823", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugs.gentoo.org/264577"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/vmware/open-vm-tools/releases/tag/2009.03.18-154848"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}