Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu
Hi release team,
as discuassed with the security team, I'd like to fix #925959
with the next stable pointrelease. The proposed debdiff is attached.
Please let me know if its okay to upload.
Thanks,
Bernd
--
Bernd ZeimetzDebian GNU/Linux Developer
http://bzed.dehttp://www.debian.org
GPG Fingerprint: ECA1 E3F2 8E11 2432 D485 DD95 EB36 171A 6FF9 435F
diff --git a/debian/changelog b/debian/changelog
index 0be9f865..9b8f4cbb 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,20 @@
+open-vm-tools (2:10.1.5-5055683-4+deb9u2) stable; urgency=medium
+
+ * [34db05f] /tmp/VMwareDnD permissions security fix.
+Fix possible security issue with the permissions of the intermediate
+staging directory and path
+/tmp/VMwareDnD is a staging directory used for DnD and CnP. It should be
+a regular directory, but malicious code or user may create the
/tmp/VMwareDnD
+as a symbolic link which points elsewhere on the system. This may provide
+user access to user B's files.
+Do not set the permission of the root directory if the root directory
+already exists and has the wrong permission. The permission of the
directory
+must be 1777 if it is created by the VMToolsi. If not, then the directory
+has been created or modified by malicious code or user, so just cancel the
+host to guest DnD or CnP operation. (Closes: #925959)
+
+ -- Bernd Zeimetz Fri, 05 Apr 2019 23:10:04 +0200
+
open-vm-tools (2:10.1.5-5055683-4+deb9u1) stretch; urgency=medium
* [dec8df6] Upstream fix for CVE-2015-5191 (Closes: #869633)
diff --git
a/debian/patches/e88f91b00a715b79255de6576506d80ecfdb064c_vmware_dnd_fix.patch
b/debian/patches/e88f91b00a715b79255de6576506d80ecfdb064c_vmware_dnd_fix.patch
new file mode 100644
index ..43daed8a
--- /dev/null
+++
b/debian/patches/e88f91b00a715b79255de6576506d80ecfdb064c_vmware_dnd_fix.patch
@@ -0,0 +1,54 @@
+commit e88f91b00a715b79255de6576506d80ecfdb064c
+Author: Oliver Kurth
+Date: Tue Jan 29 14:03:19 2019 -0800
+
+Fix possible security issue with the permissions of the intermediate
+staging directory and path
+
+/tmp/VMwareDnD is a staging directory used for DnD and CnP. It should be
+a regular directory, but malicious code or user may create the
/tmp/VMwareDnD
+as a symbolic link which points elsewhere on the system. This may provide
+user access to user B's files.
+
+Do not set the permission of the root directory if the root directory
+already exists and has the wrong permission. The permission of the
directory
+must be 1777 if it is created by the VMToolsi. If not, then the directory
+has been created or modified by malicious code or user, so just cancel the
+host to guest DnD or CnP operation.
+
+--- a/open-vm-tools/services/plugins/dndcp/dnd/dndCommon.c
b/open-vm-tools/services/plugins/dndcp/dnd/dndCommon.c
+@@ -276,12 +276,11 @@ DnDCreateRootStagingDirectory(void)
+}
+
+if (File_Exists(root)) {
+- if (!DnDRootDirUsable(root) &&
+- !DnDSetPermissionsOnRootDir(root)) {
++ if (!DnDRootDirUsable(root)) {
+ /*
+- * The directory already exists and its permissions are wrong and
+- * cannot be set, so there's not much we can do.
++ * The directory already exists and its permissions are wrong.
+ */
++ Log("%s: The root dir is not usable.\n", __FUNCTION__);
+ return NULL;
+ }
+} else {
+--- a/open-vm-tools/services/plugins/dndcp/dnd/dndXdg.c
b/open-vm-tools/services/plugins/dndcp/dnd/dndXdg.c
+@@ -318,12 +318,11 @@ CreateApparentRootDirectory(void)
+}
+
+if (File_Exists(root)) {
+- if ( !DnDRootDirUsable(root)
+- && !DnDSetPermissionsOnRootDir(root)) {
++ if (!DnDRootDirUsable(root)) {
+ /*
+- * The directory already exists and its permissions are wrong and
+- * cannot be set, so there's not much we can do.
++ * The directory already exists and its permissions are wrong.
+ */
++ Log_Trivia("dnd: The root dir is not usable.\n");
+ return NULL;
+ }
+} else {
diff --git a/debian/patches/series b/debian/patches/series
index 2c8fbff7..58f5849b 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -5,3 +5,4 @@ from_arch/0001-Fix-vmxnet-module-on-kernels-3.16.patch
debian/enable_vmhgfs-fuse_by_default
debian/vmxnet_fix_kernel_4.7.patch
debian/cve-2015-5191.patch
+e88f91b00a715b79255de6576506d80ecfdb064c_vmware_dnd_fix.patch