Bug 2213087 (CVE-2023-20867) - CVE-2023-20867 open-vm-tools: authentication bypass vulnerability in the vgauth module
Summary: CVE-2023-20867 open-vm-tools: authentication bypass vulnerability in the vgau...
Keywords:
Status: CLOSED NEXTRELEASE
Alias: CVE-2023-20867
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
: 2215140 (view as bug list)
Depends On: 2215553 2215562 2215563 2215564 2215565 2215566 2217081 2217082 2217083 2217085 2217086 2217087
Blocks: 2213089
TreeView+ depends on / blocked
 
Reported: 2023-06-07 06:34 UTC by Marian Rehak
Modified: 2023-10-09 19:17 UTC (History)
20 users (show)

Fixed In Version: open-vm-tools 12.2.5
Clone Of:
Environment:
Last Closed: 2023-08-17 05:47:33 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2023:3944 0 None None None 2023-06-29 15:09:15 UTC
Red Hat Product Errata RHSA-2023:3945 0 None None None 2023-06-29 15:02:35 UTC
Red Hat Product Errata RHSA-2023:3946 0 None None None 2023-06-29 15:03:41 UTC
Red Hat Product Errata RHSA-2023:3947 0 None None None 2023-06-29 15:02:10 UTC
Red Hat Product Errata RHSA-2023:3948 0 None None None 2023-06-29 15:08:18 UTC
Red Hat Product Errata RHSA-2023:3949 0 None None None 2023-06-29 15:14:46 UTC
Red Hat Product Errata RHSA-2023:3950 0 None None None 2023-06-29 15:17:42 UTC

Description Marian Rehak 2023-06-07 06:34:12 UTC 
Embargo Info
==============================================================
The information contained in this email is under embargo until the scheduled public disclosure on June 13th, 2023. The disclosure will be published at https://www.vmware.com/security/advisories/VMSA-2023-0013 at this time.

Description
==============================================================
CVE-2023-20867: VMware Tools contains an Authentication Bypass vulnerability in the vgauth module. VMware has evaluated the severity of this issue to be in the Low severity range with a maximum CVSSv3.1 base score of 3.9 - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N.

Known Attack Vectors
==============================================================
A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the virtual machine.

Remediation
==============================================================
CVE-2023-20867.zip PASSWORD: 6ljsyoo7l8qenbn4a03q

The following patches are provided for released versions of open-vm-tools:

For releases 12.2.0, 12.1.5, 12.1.0, 12.0.5, 12.0.0, 11.3.5, 11.3.0

2023-20867-Remove-some-dead-code.patch

For releases 11.1.0, 11.1.5, 11.2.0, 11.2.5

2023-20867-Remove-some-dead-code-1110-1125.patch

For releases 11.0.0, 11.0.5

2023-20867-Remove-some-dead-code-1100-1105.patch

For releases 10.3.0, 10.3.5, 10.3.10

2023-20867-Remove-some-dead-code-1030-10310.patch

The patches have been tested against the above open-vm-tools releases.  Each applies cleanly with: 

    git am          for a git repository.
    patch -p2     in the top directory of an open-vm-tools source tree.
==============================================================
Comment 1 subhro 2023-06-15 14:44:19 UTC 
*** Bug 2215140 has been marked as a duplicate of this bug. ***
Comment 2 Marian Rehak 2023-06-16 13:48:43 UTC 
Created open-vm-tools tracking bugs for this issue:

Affects: fedora-all [bug 2215553]
Comment 6 Marco Benatto 2023-06-23 18:27:21 UTC 
Possible upstream commit for this issue:
https://github.com/vmware/open-vm-tools/commit/c66f38194f91f8b733caa0beb6310871ac629690
Comment 12 errata-xmlrpc 2023-06-29 15:02:08 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:3947 https://access.redhat.com/errata/RHSA-2023:3947
Comment 13 errata-xmlrpc 2023-06-29 15:02:32 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:3945 https://access.redhat.com/errata/RHSA-2023:3945
Comment 14 errata-xmlrpc 2023-06-29 15:03:38 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2023:3946 https://access.redhat.com/errata/RHSA-2023:3946
Comment 15 errata-xmlrpc 2023-06-29 15:08:16 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:3948 https://access.redhat.com/errata/RHSA-2023:3948
Comment 16 errata-xmlrpc 2023-06-29 15:09:12 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:3944 https://access.redhat.com/errata/RHSA-2023:3944
Comment 17 errata-xmlrpc 2023-06-29 15:14:42 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:3949 https://access.redhat.com/errata/RHSA-2023:3949
Comment 18 errata-xmlrpc 2023-06-29 15:17:39 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:3950 https://access.redhat.com/errata/RHSA-2023:3950
Note You need to log in before you can comment on or make changes to this bug.