{"id":"UBUNTU-CVE-2009-1143","details":"An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended access restrictions on mounting shares via a symlink attack that leverages a realpath race condition in mount.vmhgfs (aka hgfsmounter).","modified":"2026-04-22T08:43:21.677730Z","published":"2022-11-23T18:15:00Z","upstream":["CVE-2009-1143"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2009-1143"},{"type":"REPORT","url":"https://github.com/vmware/open-vm-tools/releases/tag/2009.03.18-154848"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2009-1143"}],"affected":[{"package":{"name":"open-vm-tools","ecosystem":"Ubuntu:Pro:14.04:LTS","purl":"pkg:deb/ubuntu/open-vm-tools@2:9.4.0-1280544-5ubuntu6.4+esm1?arch=source&distro=esm-infra-legacy/trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2013.09.16-1328054-0ubuntu1","2013.09.16-1328054-0ubuntu2","2013.09.16-1328054-0ubuntu4","2013.09.16-1328054-0ubuntu5","2013.09.16-1328054-0ubuntu6","2:9.4.0-1280544-5","2:9.4.0-1280544-5ubuntu1","2:9.4.0-1280544-5ubuntu2","2:9.4.0-1280544-5ubuntu4","2:9.4.0-1280544-5ubuntu5","2:9.4.0-1280544-5ubuntu6","2:9.4.0-1280544-5ubuntu6.2","2:9.4.0-1280544-5ubuntu6.4","2:9.4.0-1280544-5ubuntu6.4+esm1"],"ecosystem_specific":{"binaries":[{"binary_version":"2:9.4.0-1280544-5ubuntu6.4+esm1","binary_name":"open-vm-dkms"},{"binary_version":"2:9.4.0-1280544-5ubuntu6.4+esm1","binary_name":"open-vm-dkms-lts-trusty"},{"binary_version":"2:9.4.0-1280544-5ubuntu6.4+esm1","binary_name":"open-vm-toolbox"},{"binary_version":"2:9.4.0-1280544-5ubuntu6.4+esm1","binary_name":"open-vm-toolbox-lts-trusty"},{"binary_version":"2:9.4.0-1280544-5ubuntu6.4+esm1","binary_name":"open-vm-tools"},{"binary_version":"2:9.4.0-1280544-5ubuntu6.4+esm1","binary_name":"open-vm-tools-desktop"},{"binary_version":"2:9.4.0-1280544-5ubuntu6.4+esm1","binary_name":"open-vm-tools-dkms"},{"binary_version":"2:9.4.0-1280544-5ubuntu6.4+esm1","binary_name":"open-vm-tools-lts-trusty"},{"binary_version":"2:9.4.0-1280544-5ubuntu6.4+esm1","binary_name":"open-vm-tools-lts-trusty-desktop"},{"binary_version":"2:9.4.0-1280544-5ubuntu6.4+esm1","binary_name":"open-vm-tools-lts-trusty-dkms"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2009/UBUNTU-CVE-2009-1143.json"}},{"package":{"name":"open-vm-tools","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/open-vm-tools@2:10.2.0-3~ubuntu0.16.04.1+esm5?arch=source&distro=esm-infra/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2:9.10.2-2822639-1ubuntu3","2:10.0.0-3000743-3ubuntu1","2:10.0.7-3227872-2ubuntu1","2:10.0.7-3227872-5ubuntu1~16.04.1","2:10.0.7-3227872-5ubuntu1~16.04.2","2:10.2.0-3~ubuntu0.16.04.1","2:10.2.0-3~ubuntu0.16.04.1+esm1","2:10.2.0-3~ubuntu0.16.04.1+esm2","2:10.2.0-3~ubuntu0.16.04.1+esm3","2:10.2.0-3~ubuntu0.16.04.1+esm4","2:10.2.0-3~ubuntu0.16.04.1+esm5"],"ecosystem_specific":{"binaries":[{"binary_version":"2:10.2.0-3~ubuntu0.16.04.1+esm5","binary_name":"open-vm-tools"},{"binary_version":"2:10.2.0-3~ubuntu0.16.04.1+esm5","binary_name":"open-vm-tools-desktop"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2009/UBUNTU-CVE-2009-1143.json"}},{"package":{"name":"open-vm-tools","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/open-vm-tools@2:11.0.5-4ubuntu0.18.04.3+esm4?arch=source&distro=esm-infra/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2:10.1.10-3","2:10.1.10-3build1","2:10.1.15-1","2:10.1.15-1build1","2:10.2.0-2","2:10.2.0-2build1","2:10.2.0-3","2:10.2.0-3ubuntu1","2:10.2.0-3ubuntu2","2:10.2.0-3ubuntu3","2:10.3.0-0ubuntu1~18.04.1","2:10.3.0-0ubuntu1~18.04.2","2:10.3.0-0ubuntu1~18.04.3","2:10.3.5-7~ubuntu0.18.04.1","2:10.3.10-1~ubuntu0.18.04.1","2:11.0.1-2ubuntu0.18.04.2","2:11.0.5-4ubuntu0.18.04.1","2:11.0.5-4ubuntu0.18.04.2","2:11.0.5-4ubuntu0.18.04.3","2:11.0.5-4ubuntu0.18.04.3+esm1","2:11.0.5-4ubuntu0.18.04.3+esm2","2:11.0.5-4ubuntu0.18.04.3+esm3","2:11.0.5-4ubuntu0.18.04.3+esm4"],"ecosystem_specific":{"binaries":[{"binary_version":"2:11.0.5-4ubuntu0.18.04.3+esm4","binary_name":"open-vm-tools"},{"binary_version":"2:11.0.5-4ubuntu0.18.04.3+esm4","binary_name":"open-vm-tools-desktop"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2009/UBUNTU-CVE-2009-1143.json"}},{"package":{"name":"open-vm-tools","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/open-vm-tools@2:11.3.0-2ubuntu0~ubuntu20.04.8+esm1?arch=source&distro=esm-infra/focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2:10.3.10-3ubuntu1","2:11.0.1-2","2:11.0.1-3","2:11.0.1-3ubuntu1","2:11.0.1-4","2:11.0.5-1","2:11.0.5-2","2:11.0.5-3","2:11.0.5-4","2:11.1.0-2~ubuntu20.04.1","2:11.1.5-1~ubuntu20.04.2","2:11.2.5-2ubuntu1~ubuntu20.04.1","2:11.3.0-2ubuntu0~ubuntu20.04.1","2:11.3.0-2ubuntu0~ubuntu20.04.2","2:11.3.0-2ubuntu0~ubuntu20.04.3","2:11.3.0-2ubuntu0~ubuntu20.04.4","2:11.3.0-2ubuntu0~ubuntu20.04.5","2:11.3.0-2ubuntu0~ubuntu20.04.6","2:11.3.0-2ubuntu0~ubuntu20.04.7","2:11.3.0-2ubuntu0~ubuntu20.04.8","2:11.3.0-2ubuntu0~ubuntu20.04.8+esm1"],"ecosystem_specific":{"binaries":[{"binary_version":"2:11.3.0-2ubuntu0~ubuntu20.04.8+esm1","binary_name":"open-vm-tools"},{"binary_version":"2:11.3.0-2ubuntu0~ubuntu20.04.8+esm1","binary_name":"open-vm-tools-desktop"},{"binary_version":"2:11.3.0-2ubuntu0~ubuntu20.04.8+esm1","binary_name":"open-vm-tools-sdmp"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2009/UBUNTU-CVE-2009-1143.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"negligible"}]}