Description
A Path Traversal vulnerability in usbmuxd allows local users to escalate to the service user. This issue affects usbmuxd: before 3ded00c9985a5108cfc7591a309f9a23d57a8cba.
A local path traversal vulnerability in usbmuxd allows unprivileged users to send crafted messages to its world-writable UNIX socket, causing the daemon to create or delete files as the usbmux user. Due to insufficient validation of the PairRecordID field, attackers can escape the intended configuration directory, with a narrow race condition potentially enabling broader file overwrite. The issue is limited to local access and does not directly grant root privileges.
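The missing check described above, sketched as an added example (not usbmuxd's own code and not the upstream fix): the record ID is accepted only as a single plain file-name component before it is joined to the configuration directory. The function names, the allow-list, the 128-byte limit, the `.plist` suffix and the `/example/config` directory are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not usbmuxd's code: accept a record ID only if it is
 * one plain file-name component. The allow-list and the 128-byte limit are
 * assumptions made for this example. */
int record_id_is_safe(const char *id)
{
    size_t i, len;

    if (id == NULL)
        return 0;
    len = strlen(id);
    if (len == 0 || len > 128)
        return 0;
    for (i = 0; i < len; i++) {
        char c = id[i];
        int ok = (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
                 (c >= '0' && c <= '9') || c == '-' || c == '_';
        if (!ok)
            return 0;   /* rejects '/', '.', and every other byte */
    }
    return 1;
}

/* Build "<config_dir>/<id>.plist" (suffix assumed).
 * Returns 0 on success, -1 if the ID is rejected or the path is truncated. */
int build_record_path(const char *config_dir, const char *id, char *out, size_t outlen)
{
    int n;

    if (!record_id_is_safe(id))
        return -1;
    n = snprintf(out, outlen, "%s/%s.plist", config_dir, id);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample IDs; the directory is a placeholder. */
    const char *ids[] = { "00008030-001A2B3C4D5E6F70", "../../tmp/x", "a/b", "" };
    char path[256];
    size_t i;

    for (i = 0; i < sizeof(ids) / sizeof(ids[0]); i++) {
        if (build_record_path("/example/config", ids[i], path, sizeof(path)) == 0)
            printf("accept: %s\n", path);
        else
            printf("reject: \"%s\"\n", ids[i]);
    }
    return 0;
}
```

This covers only the name validation; it does not address the race condition the description mentions.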
Report
This issue is best classified as a Moderate vulnerability rather than an Important flaw because its impact is constrained to a local privilege boundary and a non-root service account. Exploitation requires local access to the system and interaction with a UNIX socket, with no remote attack vector or user interaction involved. While the lack of input validation allows path traversal leading to file deletion or creation, these operations are performed as the usbmux user, not as root, and therefore do not directly compromise full system integrity. The potential extension to arbitrary file overwrite relies on a tight race condition (TOCTOU), which reduces reliability and exploit consistency. There is no direct confidentiality impact and no automatic escalation beyond the service’s privilege scope, making the flaw security-relevant but limited in blast radius, aligning it with a medium (moderate) severity classification rather than a high-impact vulnerability.
Mitigation
No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | usbmuxd | Out of support scope | | |
| Red Hat Enterprise Linux 7 | usbmuxd | Out of support scope | | |
| Red Hat Enterprise Linux 8 | usbmuxd | Fix deferred | | |
Additional information
CVSS3: 5.7 Medium