open-vm-tools 2009.03.18-154848 Symlink Race in mount.vmhgfs
CVE-2009-1143 Published on November 23, 2022
An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended access restrictions on mounting shares via a symlink attack that leverages a realpath race condition in mount.vmhgfs (aka hgfsmounter).
Vulnerability Analysis
CVE-2009-1143 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
What is an insecure temporary file Vulnerability?
The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
CVE-2009-1143 has been classified to as an insecure temporary file vulnerability or weakness.
Products Associated with CVE-2009-1143
Want to know whenever a new CVE is published for VMware Open Vm Tools? stack.watch will email you.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.