OESA-2023-1629

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1629

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2023-1629.json

JSON Data

https://api.osv.dev/v1/vulns/OESA-2023-1629

Upstream

CVE-2023-20867

CVE-2023-20900

Published

2023-09-15T11:05:54Z

Modified

2025-09-03T06:18:54.805824Z

Summary

open-vm-tools security update

Details

The project is an open source implementation of VMware Tools. It is a suite of open source virtualization utilities and drivers to improve the functionality, user experience and administration of VMware virtual machines. This package contains only the core user-space programs and libraries of .

Security Fix(es):

A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.(CVE-2023-20867)

A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .(CVE-2023-20900)

Database specific

{
    "severity": "High"
}

References

Affected packages

openEuler:22.03-LTS / open-vm-tools

Package

Name: open-vm-tools
Purl: pkg:rpm/openEuler/open-vm-tools&distro=openEuler-22.03-LTS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

12.0.5-3.oe2203

Ecosystem specific

{
    "src": [
        "open-vm-tools-12.0.5-3.oe2203.src.rpm"
    ],
    "aarch64": [
        "open-vm-tools-12.0.5-3.oe2203.aarch64.rpm",
        "open-vm-tools-debuginfo-12.0.5-3.oe2203.aarch64.rpm",
        "open-vm-tools-devel-12.0.5-3.oe2203.aarch64.rpm",
        "open-vm-tools-sdmp-12.0.5-3.oe2203.aarch64.rpm",
        "open-vm-tools-test-12.0.5-3.oe2203.aarch64.rpm",
        "open-vm-tools-debugsource-12.0.5-3.oe2203.aarch64.rpm",
        "open-vm-tools-desktop-12.0.5-3.oe2203.aarch64.rpm"
    ],
    "x86_64": [
        "open-vm-tools-debugsource-12.0.5-3.oe2203.x86_64.rpm",
        "open-vm-tools-desktop-12.0.5-3.oe2203.x86_64.rpm",
        "open-vm-tools-test-12.0.5-3.oe2203.x86_64.rpm",
        "open-vm-tools-salt-minion-12.0.5-3.oe2203.x86_64.rpm",
        "open-vm-tools-devel-12.0.5-3.oe2203.x86_64.rpm",
        "open-vm-tools-sdmp-12.0.5-3.oe2203.x86_64.rpm",
        "open-vm-tools-12.0.5-3.oe2203.x86_64.rpm",
        "open-vm-tools-debuginfo-12.0.5-3.oe2203.x86_64.rpm"
    ]
}