It was discovered that open-vm-tools has multiple /tmp race conditions in the libDeployPkg component, allowing an unprivileged local user in a guest to cause a denial of service through file system manipulation, or, possibly, increase privileges. Acknowledgements: This issue was discovered by Florian Weimer of Red Hat Product Security.
Created open-vm-tools tracking bugs for this issue: Affects: fedora-all [bug 1474701]
References: http://seclists.org/oss-sec/2017/q3/209 Upstream patches: 9.10.x – https://github.com/vmware/open-vm-tools/commit/c1304ce8bfd9c0c33999e496bf7049d5c3d45821 10.0.x - https://github.com/vmware/open-vm-tools/commit/b3068b04880eda4ca3e13f2d34fb8ce336ad1a4f 10.1.x - https://github.com/vmware/open-vm-tools/commit/22e58289f71232310d30cf162b83b5151a937bac