Fwd: [oss-security] [Security Advisory] open-vm-tools: SAML token signature bypass vulnerability (CVE-2023-20900)

100 views
Skip to first unread message

Kurt Buff

unread,
Aug 31, 2023, 10:04:01 AM8/31/23
to ntsys...@googlegroups.com, patchma...@googlegroups.com
I'm not sure if this affects only open-vm-tools, or if it also affects all versions, but regardless, worth knowing about

Kurt

---------- Forwarded message ---------
From: VMware Security Response Center <secu...@vmware.com>
Date: Thu, Aug 31, 2023 at 7:14 AM
Subject: [oss-security] [Security Advisory] open-vm-tools: SAML token signature bypass vulnerability (CVE-2023-20900)
To: oss-se...@lists.openwall.com <oss-se...@lists.openwall.com>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


Please see the security advisory here: https://www.vmware.com/security/advisories/VMSA-2023-0019.html

Description
==============================================================
CVE-2023-20900: VMware Tools contains a SAML token signature bypass vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3.1 base score of 7.5 - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H.

Known Attack Vectors
==============================================================
A malicious actor with man-in-the-middle (MITM) network positioning between vCenter server and the virtual machine may be able to bypass SAML token signature verification, to perform VMware Tools Guest Operations.

Upstream fix for CVE-2023-20900
==============================================================
https://github.com/vmware/open-vm-tools/blob/CVE-2023-20900.patch/CVE-2023-20900.patch
-----BEGIN PGP SIGNATURE-----

iHUEAREIAB0WIQQ950nPZL1VtgrpULuSf/JD335VcQUCZPBa5gAKCRCSf/JD335V
cZZTAP9QYJDWCzECKYakbqu4fui7CditlHnew0qs0KjG9qfC3QEA7wLPBfudDBkj
ivy2KsHabG03funx8dWl/x77TfFbUlI=
=sAT7
-----END PGP SIGNATURE-----

Henry Awad

unread,
Aug 31, 2023, 10:52:31 AM8/31/23
to ntsys...@googlegroups.com, patchma...@googlegroups.com
It affects all versions. I checked the security advisory and they listed all the affected versions of VMware tools as well as the fixes for each one.

--
You received this message because you are subscribed to the Google Groups "ntsysadmin" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ntsysadmin+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/CADy1Ce6hPkzD-JP%2BzjNpzUTv%3DeEBOOMUYY%2B8xDrRb0nijpd3%3DQ%40mail.gmail.com.

Melvin Backus

unread,
Aug 31, 2023, 11:07:45 AM8/31/23
to ntsys...@googlegroups.com, patchma...@googlegroups.com

Yeah, the fact that they issued a new release 2 weeks after they’d just updated tools should probably be a good indicator as to the impact on this one.

 

--
There are 10 kinds of people in the world...
         those who understand binary and those who don't.

 

¯\_()_/¯

Reply all
Reply to author
Forward
0 new messages