The vm-support script created temporary files in /tmp/ insecurely. A local attacker could use this flaw to overwrite an arbitrary file, possibly leading to a denial of service.
Created open-vm-tools tracking bugs for this issue:
Affects: fedora-all [bug 1165901]
Affects: epel-6 [bug 1165902]
This will also get fixed by rebasing open-vm-tools to 9.10.2, bug 1172833.
This issue affects the versions of open-vm-tools as shipped with Red Hat Enterprise Linux 7 and Red Hat CloudForms 4. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Errata URL: https://access.redhat.com/errata/RHBA-2015:2246