{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2009-1143", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-07T05:04:48.310Z", "dateReserved": "2009-03-25T00:00:00", "datePublished": "2022-11-23T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2022-11-23T00:00:00"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended access restrictions on mounting shares via a symlink attack that leverages a realpath race condition in mount.vmhgfs (aka hgfsmounter)."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://bugs.gentoo.org/264577"}, {"url": "https://github.com/vmware/open-vm-tools/releases/tag/2009.03.18-154848"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T05:04:48.310Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugs.gentoo.org/264577", "tags": ["x_transferred"]}, {"url": "https://github.com/vmware/open-vm-tools/releases/tag/2009.03.18-154848", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:open-vm-tools:2009.03.18-154848:*:*:*:*:*:*:*", "matchCriteriaId": "C6F6BD47-6036-42F3-AA0A-659F2D9F88CE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended access restrictions on mounting shares via a symlink attack that leverages a realpath race condition in mount.vmhgfs (aka hgfsmounter)."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en open-vm-tools 2009.03.18-154848. Los usuarios locales pueden hacer una omisi\u00f3n sobre las restricciones de acceso previstas para el montaje de recursos compartidos mediante un ataque de symlink que aprovecha una condici\u00f3n ejecuci\u00f3n de realpath en mount.vmhgfs (tambi\u00e9n conocido como hgfsmounter)."}], "id": "CVE-2009-1143", "lastModified": "2024-11-21T01:01:46.133", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-23T18:15:10.823", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugs.gentoo.org/264577"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/vmware/open-vm-tools/releases/tag/2009.03.18-154848"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugs.gentoo.org/264577"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/vmware/open-vm-tools/releases/tag/2009.03.18-154848"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "open-vm-tools: access bypass due to realpath race condition in mount.vmhgfs (aka hgfsmounter)", "id": "2158066", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158066"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-59", "details": ["An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended access restrictions on mounting shares via a symlink attack that leverages a realpath race condition in mount.vmhgfs (aka hgfsmounter).", "A vulnerability was found in open-vm-tools. This flaw allows local users to bypass intended access restrictions on mounting shares via a symlink attack that leverages a realpath race condition in mount.vmhgfs (aka hgfsmounter)."], "name": "CVE-2009-1143", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "open-vm-tools", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "open-vm-tools", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "open-vm-tools", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2022-11-23T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2009-1143\nhttps://nvd.nist.gov/vuln/detail/CVE-2009-1143\nhttps://bugzilla.suse.com/show_bug.cgi?id=372070"], "threat_severity": "Low", "upstream_fix": "open-vm-tools stable-12.0.0"}