Tuesday, May 13, 2025

[USN-7508-1] Open VM Tools vulnerability

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmgjRnAFAwAAAAAACgkQZWnYVadEvpP3
hRAApw21tKsR/iHA3afl2vk7Ec1gwVJ/W+YWWK3Hvh8gRusovXYKL5OS/w+ikl+ib1TFE7r+WmZJ
+eNp6cKvDWVx1tA8MiX3zrNQBfO9WcEiPTCmL1Kj5M6vr/tA44NrAiwNrjmbw5j2Xx0Jh1uEd5bd
fa29VsBiVzW2zv6FyVjasDnyFojDRTQohZE63shKXTxqFtbawWpm9/9GuBHBDrHewMb0onfDygCg
6k5GcSt4FLyFwbrzF68VLs5+aKl5bpZUIkcNJA+zJTdAJmNKOOwzzPFdLoDap2HfdZJUIYWFmeJ0
uWc6JbBA/X53hGX83ExBHwHa2gGDiCoU2h6p0vsWdqFSL3ReBcJBIsE7AeeL0qvG3RPmSmYC5dCb
SBCjIg18Hyu0GH2weO+ebSeVwJe9fgOyItjvBeDrKQLVSPXSBhXwAVzZ+68TTo3GGbHrd+FxI37f
O+ONZhbhmk7xgMmbvhkvi4KkEvB2rRFbvLNCnj1BFKYWhTJBaIArC9QMer6dj8m6JUyRGl9Irra8
1giUdHIW2wCTxI46UiRD6ZzoAoriRCVldaeZ+fyadiU62iByq392wACQXWaNBdEzDJr6YdLjD+YL
sUO517+zw0kLSNqEJM+5XoE4QhUkal1NygbjeKFDxWABTtRHARziPHjMYFhC9x5PSDwJG3Ixp8KP
GPI=
=XZ/Z
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7508-1
May 13, 2025

open-vm-tools vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Open VM Tools could be made to overwrite files as the administrator.

Software Description:
- open-vm-tools: Open VMware Tools for virtual machines hosted on VMware

Details:

It was discovered that Open VM Tools incorrectly handled certain file
operations. An attacker in a guest could use this issue to perform insecure
file operations and possibly elevate privileges in the guest.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
open-vm-tools 2:12.5.0-1ubuntu0.1

Ubuntu 24.10
open-vm-tools 2:12.4.5-1ubuntu0.1

Ubuntu 24.04 LTS
open-vm-tools 2:12.4.5-1~ubuntu0.24.04.2

Ubuntu 22.04 LTS
open-vm-tools 2:12.3.5-3~ubuntu0.22.04.2

Ubuntu 20.04 LTS
open-vm-tools 2:11.3.0-2ubuntu0~ubuntu20.04.8

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7508-1
CVE-2025-22247

Package Information:
https://launchpad.net/ubuntu/+source/open-vm-tools/2:12.5.0-1ubuntu0.1
https://launchpad.net/ubuntu/+source/open-vm-tools/2:12.4.5-1ubuntu0.1
https://launchpad.net/ubuntu/+source/open-vm-tools/2:12.4.5-1~ubuntu0.24.04.2
https://launchpad.net/ubuntu/+source/open-vm-tools/2:12.3.5-3~ubuntu0.22.04.2

https://launchpad.net/ubuntu/+source/open-vm-tools/2:11.3.0-2ubuntu0~ubuntu20.04.8

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)