Bug 2213087 (CVE-2023-20867) - CVE-2023-20867 open-vm-tools: authentication bypass vulnerability in the vgauth module
Summary: CVE-2023-20867 open-vm-tools: authentication bypass vulnerability in the vgau...
Keywords:
Status: CLOSED NEXTRELEASE
Alias: CVE-2023-20867
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
: 2215140 (view as bug list)
Depends On: 2215553 2215562 2215563 2215564 2215565 2215566 2217081 2217082 2217083 2217085 2217086 2217087
Blocks: 2213089
TreeView+ depends on / blocked
 
Reported: 2023-06-07 06:34 UTC by Marian Rehak
Modified: 2023-10-09 19:17 UTC (History)
20 users (show)

Fixed In Version: open-vm-tools 12.2.5
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the open-vm-tools package. An attacker with root access privileges over ESXi may be able to cause an authentication bypass in the vgauth module. This may lead to compromised confidentiality and integrity.
Clone Of:
Environment:
Last Closed: 2023-08-17 05:47:33 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2023:3944 0 None None None 2023-06-29 15:09:15 UTC
Red Hat Product Errata RHSA-2023:3945 0 None None None 2023-06-29 15:02:35 UTC
Red Hat Product Errata RHSA-2023:3946 0 None None None 2023-06-29 15:03:41 UTC
Red Hat Product Errata RHSA-2023:3947 0 None None None 2023-06-29 15:02:10 UTC
Red Hat Product Errata RHSA-2023:3948 0 None None None 2023-06-29 15:08:18 UTC
Red Hat Product Errata RHSA-2023:3949 0 None None None 2023-06-29 15:14:46 UTC
Red Hat Product Errata RHSA-2023:3950 0 None None None 2023-06-29 15:17:42 UTC

Description Marian Rehak 2023-06-07 06:34:12 UTC 
Embargo Info
==============================================================
The information contained in this email is under embargo until the scheduled public disclosure on June 13th, 2023. The disclosure will be published at https://www.vmware.com/security/advisories/VMSA-2023-0013 at this time.

Description
==============================================================
CVE-2023-20867: VMware Tools contains an Authentication Bypass vulnerability in the vgauth module. VMware has evaluated the severity of this issue to be in the Low severity range with a maximum CVSSv3.1 base score of 3.9 - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N.

Known Attack Vectors
==============================================================
A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the virtual machine.

Remediation
==============================================================
CVE-2023-20867.zip PASSWORD: 6ljsyoo7l8qenbn4a03q

The following patches are provided for released versions of open-vm-tools:

For releases 12.2.0, 12.1.5, 12.1.0, 12.0.5, 12.0.0, 11.3.5, 11.3.0

2023-20867-Remove-some-dead-code.patch

For releases 11.1.0, 11.1.5, 11.2.0, 11.2.5

2023-20867-Remove-some-dead-code-1110-1125.patch

For releases 11.0.0, 11.0.5

2023-20867-Remove-some-dead-code-1100-1105.patch

For releases 10.3.0, 10.3.5, 10.3.10

2023-20867-Remove-some-dead-code-1030-10310.patch

The patches have been tested against the above open-vm-tools releases.  Each applies cleanly with: 

    git am          for a git repository.
    patch -p2     in the top directory of an open-vm-tools source tree.
==============================================================
Comment 1 subhro 2023-06-15 14:44:19 UTC 
*** Bug 2215140 has been marked as a duplicate of this bug. ***
Comment 2 Marian Rehak 2023-06-16 13:48:43 UTC 
Created open-vm-tools tracking bugs for this issue:

Affects: fedora-all [bug 2215553]
Comment 6 Marco Benatto 2023-06-23 18:27:21 UTC 
Possible upstream commit for this issue:
https://github.com/vmware/open-vm-tools/commit/c66f38194f91f8b733caa0beb6310871ac629690
Comment 12 errata-xmlrpc 2023-06-29 15:02:08 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:3947 https://access.redhat.com/errata/RHSA-2023:3947
Comment 13 errata-xmlrpc 2023-06-29 15:02:32 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:3945 https://access.redhat.com/errata/RHSA-2023:3945
Comment 14 errata-xmlrpc 2023-06-29 15:03:38 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2023:3946 https://access.redhat.com/errata/RHSA-2023:3946
Comment 15 errata-xmlrpc 2023-06-29 15:08:16 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:3948 https://access.redhat.com/errata/RHSA-2023:3948
Comment 16 errata-xmlrpc 2023-06-29 15:09:12 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:3944 https://access.redhat.com/errata/RHSA-2023:3944
Comment 17 errata-xmlrpc 2023-06-29 15:14:42 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:3949 https://access.redhat.com/errata/RHSA-2023:3949
Comment 18 errata-xmlrpc 2023-06-29 15:17:39 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:3950 https://access.redhat.com/errata/RHSA-2023:3950
Note You need to log in before you can comment on or make changes to this bug.