
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20243160",
"Version": "oval:org.altlinux.errata:def:20243160",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-3160: package `open-vm-tools` update to version 12.3.5-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-3160",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-3160",
"Source": "ALTPU"
},
{
"RefID": "BDU:2023-07234",
"RefURL": "https://bdu.fstec.ru/vul/2023-07234",
"Source": "BDU"
},
{
"RefID": "CVE-2023-34058",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-34058",
"Source": "CVE"
},
{
"RefID": "CVE-2023-34059",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-34059",
"Source": "CVE"
}
],
"Description": "This update upgrades open-vm-tools to version 12.3.5-alt1.\nSecurity Fix(es):\n\n * BDU:2023-07234: Уязвимость набора утилит VMware Tools для операционных систем Windows, связанная с недостатками процедуры авторизации, позволяющая нарушителю повысить свои привилегии\n\n * CVE-2023-34058: VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges (https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html) in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias (https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html).\n\n * CVE-2023-34059: open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor, allowing them to simulate user inputs.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-03-06"
},
"Updated": {
"Date": "2024-03-06"
},
"BDUs": [
{
"ID": "BDU:2023-07234",
"CVSS": "AV:A/AC:H/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-285",
"Href": "https://bdu.fstec.ru/vul/2023-07234",
"Impact": "High",
"Public": "20231026"
}
],
"CVEs": [
{
"ID": "CVE-2023-34058",
"CVSS3": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-347",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-34058",
"Impact": "High",
"Public": "20231027"
},
{
"ID": "CVE-2023-34059",
"CVSS3": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-34059",
"Impact": "High",
"Public": "20231027"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20243160001",
"Comment": "open-vm-tools is earlier than 0:12.3.5-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20243160002",
"Comment": "open-vm-tools-desktop is earlier than 0:12.3.5-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20243160003",
"Comment": "open-vm-tools-devel is earlier than 0:12.3.5-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20243160004",
"Comment": "open-vm-tools-salt-minion is earlier than 0:12.3.5-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20243160005",
"Comment": "open-vm-tools-test is earlier than 0:12.3.5-alt1"
}
]
}
]
}
}
]
}