CVE-2024-1929 (GCVE-0-2024-1929)
Vulnerability from cvelistv5
Published
2024-05-08 01:53
Modified
2024-09-17 21:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
Local Root Exploit via Configuration Dictionary in dnf5daemon-server before 5.1.17 allows a malicious user to impact Confidentiality and Integrity via Configuration Dictionary.
There are issues with the D-Bus interface long before Polkit is invoked. The `org.rpm.dnf.v0.SessionManager.open_session` method takes a key/value map of configuration entries. A sub-entry in this map, placed under the "config" key, is another key/value map. The configuration values found in it will be forwarded as configuration overrides to the `libdnf5::Base` configuration.
Practically all libdnf5 configuration aspects can be influenced here. Already when opening the session via D-Bus, the libdnf5 will be initialized using these override configuration values. There is no sanity checking of the content of this "config" map, which is untrusted data. It is possible to make the library loading a plug-in shared library under control of an unprivileged user, hence achieving root access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fedora | dnf5daemon-server |
Version: 5.1.16<= |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fedora:dnf5daemon-server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dnf5daemon-server",
"vendor": "fedora",
"versions": [
{
"lessThanOrEqual": "5.1.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:fedora:dnf5daemon-server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dnf5daemon-server",
"vendor": "fedora",
"versions": [
{
"lessThan": "pkg:github/rpm-software-management/dnf5@5.1.16",
"status": "affected",
"version": "pkg:github/rpm-software-management/dnf5@0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1929",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-08T15:00:01.200516Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T21:32:39.341Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:56:22.902Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2024/03/04/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "dnf5daemon-server",
"platforms": [
"Linux"
],
"product": "dnf5daemon-server",
"vendor": "Fedora",
"versions": [
{
"status": "affected",
"version": "5.1.16\u003c="
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Local Root Exploit via Configuration Dictionary in dnf5daemon-server\u0026nbsp;before 5.1.17 allows a malicious user to impact Confidentiality and Integrity via Configuration Dictionary.\u003cbr\u003e\u003cbr\u003eThere are issues with the D-Bus interface long before Polkit is invoked. The `org.rpm.dnf.v0.SessionManager.open_session` method takes a key/value map of configuration entries. A sub-entry in this map, placed under the \"config\" key, is another key/value map. The configuration values found in it will be forwarded as configuration overrides to the `libdnf5::Base` configuration.\u0026nbsp;\u003cbr\u003e\u003cbr\u003ePractically all libdnf5 configuration aspects can be influenced here. Already when opening the session via D-Bus, the libdnf5 will be initialized using these override configuration values. There is no sanity checking of the content of this \"config\" map, which is untrusted data.\u0026nbsp;It is possible to make the library loading a plug-in shared library under control of an unprivileged user, hence achieving root access.\u0026nbsp;\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Local Root Exploit via Configuration Dictionary in dnf5daemon-server\u00a0before 5.1.17 allows a malicious user to impact Confidentiality and Integrity via Configuration Dictionary.\n\nThere are issues with the D-Bus interface long before Polkit is invoked. The `org.rpm.dnf.v0.SessionManager.open_session` method takes a key/value map of configuration entries. A sub-entry in this map, placed under the \"config\" key, is another key/value map. The configuration values found in it will be forwarded as configuration overrides to the `libdnf5::Base` configuration.\u00a0\n\nPractically all libdnf5 configuration aspects can be influenced here. Already when opening the session via D-Bus, the libdnf5 will be initialized using these override configuration values. There is no sanity checking of the content of this \"config\" map, which is untrusted data.\u00a0It is possible to make the library loading a plug-in shared library under control of an unprivileged user, hence achieving root access.\u00a0\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-08T01:53:34.726Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"url": "https://www.openwall.com/lists/oss-security/2024/03/04/2"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Local Root Exploit via Configuration Dictionary ",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2024-1929",
"datePublished": "2024-05-08T01:53:34.726Z",
"dateReserved": "2024-02-27T12:44:44.092Z",
"dateUpdated": "2024-09-17T21:32:39.341Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.openwall.com/lists/oss-security/2024/03/04/2\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T18:56:22.902Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-1929\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-05-08T15:00:01.200516Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:fedora:dnf5daemon-server:*:*:*:*:*:*:*:*\"], \"vendor\": \"fedora\", \"product\": \"dnf5daemon-server\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.1.16\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:fedora:dnf5daemon-server:*:*:*:*:*:*:*:*\"], \"vendor\": \"fedora\", \"product\": \"dnf5daemon-server\", \"versions\": [{\"status\": \"affected\", \"version\": \"pkg:github/rpm-software-management/dnf5@0\", \"lessThan\": \"pkg:github/rpm-software-management/dnf5@5.1.16\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-08T14:58:38.214Z\"}}], \"cna\": {\"title\": \"Local Root Exploit via Configuration Dictionary \", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Fedora\", \"product\": \"dnf5daemon-server\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.1.16\u003c=\"}], \"platforms\": [\"Linux\"], \"packageName\": \"dnf5daemon-server\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.openwall.com/lists/oss-security/2024/03/04/2\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Local Root Exploit via Configuration Dictionary in dnf5daemon-server\\u00a0before 5.1.17 allows a malicious user to impact Confidentiality and Integrity via Configuration Dictionary.\\n\\nThere are issues with the D-Bus interface long before Polkit is invoked. The `org.rpm.dnf.v0.SessionManager.open_session` method takes a key/value map of configuration entries. A sub-entry in this map, placed under the \\\"config\\\" key, is another key/value map. The configuration values found in it will be forwarded as configuration overrides to the `libdnf5::Base` configuration.\\u00a0\\n\\nPractically all libdnf5 configuration aspects can be influenced here. Already when opening the session via D-Bus, the libdnf5 will be initialized using these override configuration values. There is no sanity checking of the content of this \\\"config\\\" map, which is untrusted data.\\u00a0It is possible to make the library loading a plug-in shared library under control of an unprivileged user, hence achieving root access.\\u00a0\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Local Root Exploit via Configuration Dictionary in dnf5daemon-server\u0026nbsp;before 5.1.17 allows a malicious user to impact Confidentiality and Integrity via Configuration Dictionary.\u003cbr\u003e\u003cbr\u003eThere are issues with the D-Bus interface long before Polkit is invoked. The `org.rpm.dnf.v0.SessionManager.open_session` method takes a key/value map of configuration entries. A sub-entry in this map, placed under the \\\"config\\\" key, is another key/value map. The configuration values found in it will be forwarded as configuration overrides to the `libdnf5::Base` configuration.\u0026nbsp;\u003cbr\u003e\u003cbr\u003ePractically all libdnf5 configuration aspects can be influenced here. Already when opening the session via D-Bus, the libdnf5 will be initialized using these override configuration values. There is no sanity checking of the content of this \\\"config\\\" map, which is untrusted data.\u0026nbsp;It is possible to make the library loading a plug-in shared library under control of an unprivileged user, hence achieving root access.\u0026nbsp;\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20 Improper Input Validation\"}]}], \"providerMetadata\": {\"orgId\": \"92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5\", \"shortName\": \"fedora\", \"dateUpdated\": \"2024-05-08T01:53:34.726Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-1929\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-17T21:32:39.341Z\", \"dateReserved\": \"2024-02-27T12:44:44.092Z\", \"assignerOrgId\": \"92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5\", \"datePublished\": \"2024-05-08T01:53:34.726Z\", \"assignerShortName\": \"fedora\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…