CVE-2009-1143
HIGHVMware open-vm-tools 2009.03.18-154848 - Symlink Attack via Realpath Race Condition in mount.vmhgfs
Title source: llmDescription
An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended access restrictions on mounting shares via a symlink attack that leverages a realpath race condition in mount.vmhgfs (aka hgfsmounter).
References (2)
Core 2
Core References
Issue Tracking, Patch, Third Party Advisory
https://bugs.gentoo.org/264577
Release Notes, Third Party Advisory
https://github.com/vmware/open-vm-tools/releases/tag/2009.03.18-154848
Scores
CVSS v3
7.0
EPSS
0.0008
EPSS Percentile
22.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-59
Status
published
Products (1)
vmware/open-vm-tools
2009.03.18-154848
Published
Nov 23, 2022
Tracked Since
Feb 18, 2026