CVE-2023-34059 - OpenCVE

open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs.

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Vmware	Open Vm Tools
Debian	Debian Linux

Configuration 1 [-]

cpe:2.3:a:vmware:open_vm_tools:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:10.0:::::::*
	cpe:2.3:o:debian:debian_linux:11.0:::::::*
	cpe:2.3:o:debian:debian_linux:12.0:::::::*

References

Link	Resource
http://www.openwall.com/lists/oss-security/2023/10/27/2	Mailing List Patch Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/27/3	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/11/26/1
http://www.openwall.com/lists/oss-security/2023/11/27/1
https://lists.debian.org/debian-lts-announce/2023/11/msg00002.html	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G7G77Z76CQPGUF7VHRA6O3UFCMPPR4O2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQUOFQL2SNNNMKROQ3TZQY4HEYMNOIBW/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLTKVTRKQW2GD2274H3UOW6XU4E62GSK/
https://www.debian.org/security/2023/dsa-5543	Third Party Advisory
https://www.vmware.com/security/advisories/VMSA-2023-0024.html	Not Applicable

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: vmware

Published: 2023-10-27T04:53:31.893Z

Updated: 2023-10-27T04:53:31.893Z

Reserved: 2023-05-25T17:21:56.204Z

Link: CVE-2023-34059

JSON object: View

NVD Information

Status : Modified

Published: 2023-10-27T05:15:39.013

Modified: 2023-11-27T12:15:07.590

Link: CVE-2023-34059

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-34059", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "state": "PUBLISHED", "assignerShortName": "vmware", "dateReserved": "2023-05-25T17:21:56.204Z", "datePublished": "2023-10-27T04:53:31.893Z", "dateUpdated": "2023-10-27T04:53:31.893Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Linux"], "product": "open-vm-tools", "vendor": "n/a", "versions": [{"lessThanOrEqual": "12.3.0", "status": "affected", "version": "11.0.0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the \n/dev/uinput file descriptor allowing them to simulate user inputs."}], "value": "open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper.\u00a0A malicious actor with non-root privileges may be able to hijack the \n/dev/uinput file descriptor allowing them to simulate user inputs."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"description": "File descriptor hijack vulnerability", "lang": "en"}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2023-10-27T04:53:31.893Z"}, "references": [{"url": "https://www.vmware.com/security/advisories/VMSA-2023-0024.html"}, {"url": "http://www.openwall.com/lists/oss-security/2023/10/27/3"}, {"url": "http://www.openwall.com/lists/oss-security/2023/10/27/2"}, {"url": "https://www.debian.org/security/2023/dsa-5543"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00002.html"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLTKVTRKQW2GD2274H3UOW6XU4E62GSK/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G7G77Z76CQPGUF7VHRA6O3UFCMPPR4O2/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQUOFQL2SNNNMKROQ3TZQY4HEYMNOIBW/"}, {"url": "http://www.openwall.com/lists/oss-security/2023/11/26/1"}, {"url": "http://www.openwall.com/lists/oss-security/2023/11/27/1"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:open_vm_tools:*:*:*:*:*:*:*:*", "matchCriteriaId": "9713E664-EA87-4236-B75E-8C44D5791E70", "versionEndIncluding": "12.3.0", "versionStartIncluding": "11.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper.\u00a0A malicious actor with non-root privileges may be able to hijack the \n/dev/uinput file descriptor allowing them to simulate user inputs."}, {"lang": "es", "value": "open-vm-tools contiene una vulnerabilidad de secuestro de descriptores de archivos en vmware-user-suid-wrapper. Un actor malintencionado con privilegios no root puede secuestrar el descriptor del archivo /dev/uinput, permiti\u00e9ndole simular las entradas del usuario."}], "id": "CVE-2023-34059", "lastModified": "2023-11-27T12:15:07.590", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.4, "impactScore": 5.9, "source": "security@vmware.com", "type": "Secondary"}]}, "published": "2023-10-27T05:15:39.013", "references": [{"source": "security@vmware.com", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/10/27/2"}, {"source": "security@vmware.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/10/27/3"}, {"source": "security@vmware.com", "url": "http://www.openwall.com/lists/oss-security/2023/11/26/1"}, {"source": "security@vmware.com", "url": "http://www.openwall.com/lists/oss-security/2023/11/27/1"}, {"source": "security@vmware.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00002.html"}, {"source": "security@vmware.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G7G77Z76CQPGUF7VHRA6O3UFCMPPR4O2/"}, {"source": "security@vmware.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQUOFQL2SNNNMKROQ3TZQY4HEYMNOIBW/"}, {"source": "security@vmware.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLTKVTRKQW2GD2274H3UOW6XU4E62GSK/"}, {"source": "security@vmware.com", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2023/dsa-5543"}, {"source": "security@vmware.com", "tags": ["Not Applicable"], "url": "https://www.vmware.com/security/advisories/VMSA-2023-0024.html"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}