CVE-2009-1142

6.7MEDIUM

Key Information:

Vendor: Vmware
Status: Open Vm Tools
Vendor: CVE Published:; 23 November 2022

Summary

An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can gain privileges via a symlink attack on /tmp files if vmware-user-suid-wrapper is setuid root and the ChmodChownDirectory function is enabled.

References

https://bugs.gentoo.org/264577

https://github.com/vmware/open-vm-tools/releases/tag/2009...

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 23, 2022
Vulnerability Reserved
Mar 25, 2009