Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2024-2746

Опубликовано: 08 мая 2024
Источник: nvd
CVSS3: 8.8
EPSS Низкий

Описание

Incomplete fix for CVE-2024-1929

The problem with CVE-2024-1929 was that the dnf5 D-Bus daemon accepted arbitrary configuration parameters from unprivileged users, which allowed a local root exploit by tricking the daemon into loading a user controlled "plugin". All of this happened before Polkit authentication was even started.

The dnf5 library code does not check whether non-root users control the directory in question. 

On one hand, this poses a Denial-of-Service attack vector by making the daemonoperate on a blocking file (e.g. named FIFO special file) or a very large file that causes an out-of-memory situation (e.g. /dev/zero). On the other hand, this can be used to let the daemon process privileged files like /etc/shadow. The file in question is parsed as an INI file. Error diagnostics resulting from parsing privileged files could cause information leaks, if these diagnostics are accessible to unprivileged users. In the case of libdnf5, no such user accessible diagnostics sho

Ссылки

EPSS

Процентиль: 37%
0.00163
Низкий

8.8 High

CVSS3

Дефекты

CWE-20

Связанные уязвимости

msrc логотип

CVE-2024-2746

CVSS3: 8.8
msrc
5 месяцев назад

Incomplete fix for CVE-2024-1929

github логотип

GHSA-rpc3-mw2p-39mj

CVSS3: 8.8
github
больше 1 года назад

Incomplete fix for CVE-2024-1929 The problem with CVE-2024-1929 was that the dnf5 D-Bus daemon accepted arbitrary configuration parameters from unprivileged users, which allowed a local root exploit by tricking the daemon into loading a user controlled "plugin". All of this happened before Polkit authentication was even started. The dnf5 library code does not check whether non-root users control the directory in question.  On one hand, this poses a Denial-of-Service attack vector by making the daemonoperate on a blocking file (e.g. named FIFO special file) or a very large file that causes an out-of-memory situation (e.g. /dev/zero). On the other hand, this can be used to let the daemon process privileged files like /etc/shadow. The file in question is parsed as an INI file. Error diagnostics resulting from parsing privileged files could cause information leaks, if these diagnostics are accessible to unprivileged users. In the case of libdnf5, no such user accessible diagnostics ...

EPSS

Процентиль: 37%
0.00163
Низкий

8.8 High

CVSS3

Дефекты

CWE-20