FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

open-vm-tools -- Multiple vulnerabilities

Affected packages
	open-vm-tools	<	12.3.5
	open-vm-tools-nox11	<	12.3.5

Details

VuXML ID	d2505ec7-78ea-11ee-9131-6f01853956d5
Discovery	2023-10-26
Entry	2023-11-01

VMware reports:

This update includes 2 security fixes:

High CVE-2023-34058: SAML token signature bypass vulnerability

High CVE-2023-34059: File descriptor hijack vulnerability in the vmware-user-suid-wrapper

[source]

References

CVE Name	CVE-2023-34058
CVE Name	CVE-2023-34059
URL	https://nvd.nist.gov/vuln/detail/CVE-2023-34058
URL	https://nvd.nist.gov/vuln/detail/CVE-2023-34059