An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can gain privileges via a symlink attack on /tmp files if vmware-user-suid-wrapper is setuid root and the ChmodChownDirectory function is enabled.

https://bugs.gentoo.org/264577
https://bugzilla.suse.com/show_bug.cgi?id=474285
https://github.com/vmware/open-vm-tools/releases/tag/2009.03.18-154848
https://github.com/vmware/open-vm-tools/commit/76dccec4dd4002cec240e71e0042cdacfae6cca7 (2011.03.28-387002)
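
The bug class named in the description, a privileged chmod/chown of a path under /tmp, is normally closed by operating on a file descriptor instead of the path. The following is an added example of that pattern, not open-vm-tools code; `safe_chmod_chown_dir` and its parameters are hypothetical, and it assumes the privileged code is meant to adjust a directory that a known user already owns.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not the open-vm-tools ChmodChownDirectory): set owner
 * and mode on a directory in a world-writable parent such as /tmp without
 * following a symlink at that path. Returns 0, or -1 with errno set. */
int safe_chmod_chown_dir(const char *path, uid_t expect_owner,
                         uid_t uid, gid_t gid, mode_t mode)
{
    struct stat st;
    int saved;
    /* O_NOFOLLOW refuses a symlink as the final path component;
     * O_DIRECTORY refuses anything that is not a directory. */
    int fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    /* All later calls go through fd, so the object that was checked is the
     * object that is changed, even if the path is replaced after open(). */
    if (fstat(fd, &st) < 0)
        goto fail;
    if (!S_ISDIR(st.st_mode) || st.st_uid != expect_owner) {
        errno = EPERM;              /* created by someone else: refuse */
        goto fail;
    }
    if (fchown(fd, uid, gid) < 0 || fchmod(fd, mode & 07777) < 0)
        goto fail;
    close(fd);
    return 0;
fail:
    saved = errno;
    close(fd);
    errno = saved;
    return -1;
}

int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: %s DIR\n", argv[0]); return 2; }
    if (safe_chmod_chown_dir(argv[1], getuid(), getuid(), getgid(), 0700) < 0) {
        perror(argv[1]);
        return 1;
    }
    return 0;
}
```

The path-based `chown()` and `chmod()` calls follow symlinks, which is why the descriptor-based `fchown()` and `fchmod()` are used here.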
I looked at our open-vm-tools branches. All branches contained the introduction of TOGGLE_VMBLOCK/ChmodChownDirectory commit 1f9b3d7ffdb1dbd1f9b855bcd61c98676026e85e and all branches contained the removal commit 76dccec4dd4002cec240e71e0042cdacfae6cca7. Plus I doubt we would build with TOGGLE_VMBLOCK on anyway. So this should not be a problem.
Mirek, do you concur?
Created open-vm-tools tracking bugs for this issue: Affects: fedora-all [bug 2160322]
Can someone explain why CVE-2009-1142 is relative to currently supported releases of open-vm-tools currently in use on Red Hat systems?

It appears that the offending code only concerned FreeBSD or Solaris guests and the code was removed from the open-vm-tools source in March of 2011. See the last URL in this bug description. As the git commit log is cumulative, accessing that URL

https://github.com/vmware/open-vm-tools/commit/76dccec4dd4002cec240e71e0042cdacfae6cca7 (2011.03.28-387002)

shows the removal of the code in the history of the current 12.1.5 open-vm-tools (tag stable-12.1.5).

That is the only information that can be derived from this bug report. The "depends" or "blocks" bugs are locked; the reason for this bug is not apparent from the information that is available.

If there is an issue that VMware needs to address, we will need some more details.
(In reply to John Wolfe from comment #7)
> Can someone explain why CVE-2009-1142 is relative to currently supported
> releases of open-vm-tools currently in use on Red Hat systems?
>
> It appears that the offending code only concerned FreeBSD or Solaris guests
> and the code was removed from the open-vm-tools source in March of 2011.
> See the last URL in this bug description. As the git commit log is
> cumulative, accessing that URL
>
> https://github.com/vmware/open-vm-tools/commit/76dccec4dd4002cec240e71e0042cdacfae6cca7 (2011.03.28-387002)
>
> shows the removal of the code in the history of the current 12.1.5
> open-vm-tools (tag stable-12.1.5).
>
> That is the only information that can be derived from this bug report. The
> "depends" or "blocks" bugs are locked; the reason for this bug is not
> apparent from the information that is available.
>
> If there is an issue that VMware needs to address, we will need some more
> details.

Hi John,

The offending code has been verified as not present in our releases, so this is a non-issue.

Thanks!
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2009-1142