CVE-2023-34059
- Source
- https://cve.org/CVERecord?id=CVE-2023-34059
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-34059.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-34059
- Downstream
- Related
- Published
- 2023-10-27T05:15:39.013Z
- Modified
- 2026-04-16T04:36:37.257176663Z
- Severity
-
- 7.0 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs.
- References
-
- http://www.openwall.com/lists/oss-security/2023/11/27/1
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G7G77Z76CQPGUF7VHRA6O3UFCMPPR4O2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQUOFQL2SNNNMKROQ3TZQY4HEYMNOIBW/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLTKVTRKQW2GD2274H3UOW6XU4E62GSK/
- https://www.openwall.com/lists/oss-security/2023/10/27/3
- http://www.openwall.com/lists/oss-security/2023/11/26/1
- https://www.debian.org/security/2023/dsa-5543
- http://www.openwall.com/lists/oss-security/2023/10/27/3
- https://lists.debian.org/debian-lts-announce/2023/11/msg00002.html
- https://www.vmware.com/security/advisories/VMSA-2023-0024.html
- http://www.openwall.com/lists/oss-security/2023/10/27/2
Affected packages
Git / github.com/vmware/open-vm-tools
Affected ranges
- Type
- GIT
- Repo
- https://github.com/vmware/open-vm-tools
- Events
-
IntroducedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "11.0.0" }, { "last_affected": "12.3.0" }, { "introduced": "0" }, { "last_affected": "11.0" }, { "introduced": "0" }, { "last_affected": "12.0" } ] }
Affected versions
2008.*
2008.02.13-77928
2008.04.04-87182
2008.05.02-90473
2008.05.15-93084
2008.05.15-93241
2008.06.03-96374
2008.06.20-100027
2008.07.01-102166
2008.10.10-123053
2008.11.18-130226
2008.12.23-137496
2009.*
2009.01.21-142982
2009.02.18-148847
2009.03.18-154848
2009.04.23-162451
2009.05.22-167859
2009.06.18-172495
2009.07.22-179896
2009.08.24-187411
2009.09.18-193784
2009.10.15-201664
2009.11.16-210370
2009.12.16-217847
2010.*
2010.01.19-226760
2010.02.23-236320
2010.03.20-243334
2010.04.25-253928
2010.06.16-268169
2010.07.25-280253
2010.08.24-292196
2010.09.19-301124
2010.10.18-313025
2010.11.17-327185
2010.12.19-339835
2011.*
2011.01.24-354108
2011.03.28-387002
2011.04.25-402641
2011.05.27-420096
2011.06.27-437995
2011.07.19-450511
2011.08.21-471295
2011.09.23-491607
2011.10.26-514583
2011.11.20-535097
2011.12.20-562307
2012.*
2012.03.13-651368
2012.05.21-724730
2012.10.14-874563
2012.12.26-958366
2013.*
2013.04.16-1098359
2013.09.16-1328054
open-vm-tools-10.*
open-vm-tools-10.0.0-3000743
Other
p4-sync-929606
stable-10.*
stable-10.0.5
stable-11.*
stable-11.0.0
stable-12.*
stable-12.0.0
stable-12.3.0
stable-9.*
stable-9.10.0
stable-9.10.2