CVE-2023-20867: open-vm-tools: Authentication Bypass vulnerability in the vgauth module

CVE-2023-20867: open-vm-tools: Authentication Bypass vulnerability in the vgauth module

Open Source Security 

Posted by Solar Designer on Oct 15

Hi,

This was brought to linux-distros on June 6 with „scheduled public
disclosure on June 13th, 2023.“ There’s a VMware security advisory that
says it was published on that date:

https://www.vmware.com/security/advisories/VMSA-2023-0013.html

and patches are available at:

https://github.com/vmware/open-vm-tools/tree/CVE-2023-20867.patch

but the issue was wrongly never brought to oss-security (or at least I
couldn’t find…
 Read More 

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert