Upstream information

CVE-2011-1681 at MITRE

Description

vmware-hgfsmounter in VMware Open Virtual Machine Tools (aka open-vm-tools) 8.4.2-261024 and earlier attempts to append to the /etc/mtab file without first checking whether resource limits would interfere, which allows local users to trigger corruption of this file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 3.3
Vector AV:L/AC:M/Au:N/C:P/I:P/A:N
Access Vector Local
Access Complexity Medium
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact None
SUSE Bugzilla entry: 690491 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE 11.3
  • libvmtools0-debuginfo >= 2011.05.27-0.3.1
  • open-vm-tools-debuginfo >= 2011.05.27-0.3.1
  • open-vm-tools-debugsource >= 2011.05.27-0.3.1
  • open-vm-tools-gui-debuginfo >= 2011.05.27-0.3.1
  • vmware-guest-kmp-default-debuginfo >= 2011.05.27_k2.6.34.8_0.2-0.3.1
  • vmware-guest-kmp-desktop-debuginfo >= 2011.05.27_k2.6.34.8_0.2-0.3.1
  • vmware-guest-kmp-pae-debuginfo >= 2011.05.27_k2.6.34.8_0.2-0.3.1
openSUSE 11.3
  • libvmtools-devel >= 2011.05.27-0.3.1
  • libvmtools0 >= 2011.05.27-0.3.1
  • open-vm-tools >= 2011.05.27-0.3.1
  • open-vm-tools-gui >= 2011.05.27-0.3.1
  • vmware-guest-kmp-default >= 2011.05.27_k2.6.34.8_0.2-0.3.1
  • vmware-guest-kmp-desktop >= 2011.05.27_k2.6.34.8_0.2-0.3.1
  • vmware-guest-kmp-pae >= 2011.05.27_k2.6.34.8_0.2-0.3.1
openSUSE 11.4
  • libvmtools-devel >= 2011.05.27-0.3.3
  • libvmtools0 >= 2011.05.27-0.3.3
  • open-vm-tools >= 2011.05.27-0.3.3
  • open-vm-tools-gui >= 2011.05.27-0.3.3
  • vmware-guest-kmp-default >= 2011.05.27_k2.6.37.6_0.5-0.3.3
  • vmware-guest-kmp-desktop >= 2011.05.27_k2.6.37.6_0.5-0.3.3
  • vmware-guest-kmp-pae >= 2011.05.27_k2.6.37.6_0.5-0.3.3
openSUSE 11.4
  • libvmtools-devel >= 2011.05.27-0.3.3
  • libvmtools0 >= 2011.05.27-0.3.3
  • libvmtools0-debuginfo >= 2011.05.27-0.3.3
  • open-vm-tools >= 2011.05.27-0.3.3
  • open-vm-tools-debuginfo >= 2011.05.27-0.3.3
  • open-vm-tools-debugsource >= 2011.05.27-0.3.3
  • open-vm-tools-gui >= 2011.05.27-0.3.3
  • open-vm-tools-gui-debuginfo >= 2011.05.27-0.3.3
  • vmware-guest-kmp-default >= 2011.05.27_k2.6.37.6_0.5-0.3.3
  • vmware-guest-kmp-default-debuginfo >= 2011.05.27_k2.6.37.6_0.5-0.3.3
  • vmware-guest-kmp-desktop >= 2011.05.27_k2.6.37.6_0.5-0.3.3
  • vmware-guest-kmp-desktop-debuginfo >= 2011.05.27_k2.6.37.6_0.5-0.3.3
  • vmware-guest-kmp-pae >= 2011.05.27_k2.6.37.6_0.5-0.3.3
  • vmware-guest-kmp-pae-debuginfo >= 2011.05.27_k2.6.37.6_0.5-0.3.3
Patchnames:
libvmtools-devel