Bug 1603048 (CVE-2018-6969)
| Summary: | CVE-2018-6969 open-vm-tools: Out-of-bounds read in HGFS allows for information disclosure or potential privilege escalation | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Sam Fowler <sfowler> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | cavery, jen, jjarvis, jsavanyo, ldu, leiwang, negativo17, ravindrakumar, ribarry, rjones, security-response-team, virt-maint, vmware-gos-qa, ybhasin, yozone |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | open-vm-tools 10.3.0 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2018-07-20 18:36:59 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1603049, 1603050, 1603051 | ||
| Bug Blocks: | 1603053 | ||
|
Description
Sam Fowler
2018-07-19 03:59:03 UTC
Created open-vm-tools tracking bugs for this issue: Affects: epel-6 [bug 1603050] Affects: fedora-all [bug 1603049] This advisory does not affect open-vm-tools, because it is about a Windows specific issue. I'm copying a note from https://www.vmware.com/security/advisories/VMSA-2018-0017.html here: =================== This issue only affects Windows VMs running on VMware Workstation or Fusion. =================== Ravindra, That not is not visible to me when I visit https://www.vmware.com/security/advisories/VMSA-2018-0017.html. Can you confirm it's still present? The only note I see is about file sharing: --- 1. Summary VMware Tools update addresses an out-of-bounds read vulnerability 2. Relevant Products VMware Tools 3. Problem Description VMware Tools HGFS out-of-bounds read vulnerability VMware Tools contains an out-of-bounds read vulnerability in HGFS. Successful exploitation of this issue may lead to information disclosure or may allow attackers to escalate their privileges on the guest VMs. Note: In order to be able to exploit this issue, file sharing must be enabled. VMware would like to thank Anurudh for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2018-6969 to this issue. Column 5 of the following table... --- If this really just affects Windows guests running on VMware Workstation or Fusion, I think we can close the CVE as NOTABUG. (In reply to Jeff Nelson from comment #4) > That not is not visible to me when I visit > https://www.vmware.com/security/advisories/VMSA-2018-0017.html. Can you > confirm it's still present? May be you are seeing old page. There was an update made today with following changelog entry: ---------- VMSA-2018-0017.1 2018-07-17 Updated Security Advisory to clarify the affected products. ---------- If you are not seeing the changelog entry above, you are probably looking at the stale page and need to refresh your browser somehow. > If this really just affects Windows guests running on VMware Workstation or > Fusion, I think we can close the CVE as NOTABUG. I'm part of the same development team and I can confirm this with confidence that it does not apply to non-Windows guests. Based on Ravindra's statement in comment 5, this is a Windows-only issue (it does mention that in the table he refers to in https://www.vmware.com/security/advisories/VMSA-2018-0017.html). Engineering's opinion is that this bug and its dependent bugs should be closed as NOTABUG or WONTFIX. Product Security Team, if you agree that we can close the dependent bugs do you have a preference on the resolution status: WONTFIX versus NOTABUG? Clearing needinfo. NOTABUG as per VMware developer. |