CVE-2009-1143

An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended access restrictions on mounting shares via a symlink attack that leverages a realpath race condition in mount.vmhgfs (aka hgfsmounter).

Weakness

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Affected Software

Name	Vendor	Start Version	End Version
Open-vm-tools	Vmware	2009.03.18-154848 (including)	2009.03.18-154848 (including)
Open-vm-tools	Ubuntu	bionic	*
Open-vm-tools	Ubuntu	esm-infra-legacy/trusty	*
Open-vm-tools	Ubuntu	esm-infra/bionic	*
Open-vm-tools	Ubuntu	esm-infra/xenial	*
Open-vm-tools	Ubuntu	focal	*
Open-vm-tools	Ubuntu	trusty	*
Open-vm-tools	Ubuntu	trusty/esm	*
Open-vm-tools	Ubuntu	xenial	*

Potential Mitigations

Follow the principle of least privilege when assigning access rights to entities in a software system.
Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.

NVD	https://nvd.nist.gov/vuln/detail/CVE-2009-1143
CWE	https://cwe.mitre.org/data/definitions/59.html

Improper Link Resolution Before File Access ('Link Following')

Weakness

Affected Software

Potential Mitigations

References

CVE-2009-1143

Improper Link Resolution Before File Access ('Link Following')

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References