libvmtools0 安全漏洞 (CVE-2023-34059)

2023-11-29 23:22:26 Ali_nvd 来源：ZONE.CI 全球网 0 阅读模式

CVE编号

CVE-2023-34059

利用情况

暂无

补丁情况

官方补丁

披露时间

2023-05-25

open-vm-tools 中的 vmware-user-suid-wrapper 存在文件描述符劫持漏洞。非特权的恶意攻击者可能能够劫持 /dev/uinput 文件描述符，从而模拟用户输入。

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
http://www.openwall.com/lists/oss-security/2023/10/27/2
http://www.openwall.com/lists/oss-security/2023/10/27/3
http://www.openwall.com/lists/oss-security/2023/11/26/1
http://www.openwall.com/lists/oss-security/2023/11/27/1
https://lists.debian.org/debian-lts-announce/2023/11/msg00002.html
https://lists.fedoraproject.org/archives/list/[email protected]...
https://lists.fedoraproject.org/archives/list/[email protected]...
https://lists.fedoraproject.org/archives/list/[email protected]...
https://www.debian.org/security/2023/dsa-5543
https://www.vmware.com/security/advisories/VMSA-2023-0024.html

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	vmware	open_vm_tools	*	From (including) 11.0.0	Up to (including) 12.3.0
	运行在以下环境
	系统	amazon_2	open-vm-tools	*		Up to (excluding) 12.3.0-1.amzn2.0.1
	运行在以下环境
	系统	amazon_2023	open-vm-tools	*		Up to (excluding) 12.3.0-1.amzn2023.0.1
	运行在以下环境
	系统	debian	debian_linux	10.0	-
	运行在以下环境
	系统	debian	debian_linux	11.0	-
	运行在以下环境
	系统	debian	debian_linux	12.0	-
	运行在以下环境
	系统	debian_10	open-vm-tools	*		Up to (excluding) 2:10.3.10-1+deb10u6
	运行在以下环境
	系统	debian_11	open-vm-tools	*		Up to (excluding) 2:11.2.5-2+deb11u3
	运行在以下环境
	系统	debian_12	open-vm-tools	*		Up to (excluding) 2:12.2.0-1+deb12u2
	运行在以下环境
	系统	debian_sid	open-vm-tools	*		Up to (excluding) 2:12.3.5-1
	运行在以下环境
	系统	fedora_37	open-vm-tools	*		Up to (excluding) 12.3.0-3.fc37
	运行在以下环境
	系统	fedora_38	open-vm-tools	*		Up to (excluding) 12.3.0-3.fc38
	运行在以下环境
	系统	fedora_39	open-vm-tools	*		Up to (excluding) 12.3.0-3.fc39
	运行在以下环境
	系统	suse_12_SP5	open-vm-tools-salt-minion	*		Up to (excluding) 12.3.0-4.62.1
	运行在以下环境
	系统	ubuntu_20.04	open-vm-tools	*		Up to (excluding) 2:11.3.0-2ubuntu0~ubuntu20.04.7
	运行在以下环境
	系统	ubuntu_22.04	open-vm-tools	*		Up to (excluding) 2:12.1.5-3~ubuntu0.22.04.4