PT-2024-23126 · Dirac · Dirac

Published 2024-04-09 · Updated 2026-01-05 · CVE-2024-29905

CVSS v3.1: 8.1 (High)

Vector: AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L

Name of the Vulnerable Software and Affected Versions

DIRAC versions prior to 8.0.41

Description

DIRAC is a software framework for distributed computing. During the proxy generation process, such as when using dirac-proxy-init, unauthorized users on the same machine can gain read access to the proxy. This allows the user to perform any action possible with the original proxy. The vulnerability exists for a short period, specifically a sub-millisecond time frame, during the generation process.

Recommendations

For versions prior to 8.0.41, update to version 8.0.41 to resolve the issue. As a temporary workaround, setting the X509_USER_PROXY environment variable to a path inside a directory only readable to the current user avoids the potential risk. After the file has been written, it can be safely copied to the standard location (/tmp/x509up_uNNNN).
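
The temporary workaround above can be wrapped in a small shell function. This is an added example, not code from the DIRAC project; the function name private_proxy_init is hypothetical, and it assumes a POSIX shell with mktemp available.

```shell
#!/bin/sh
# Added example (not DIRAC code): run a proxy-generating command with
# X509_USER_PROXY pointing into a directory only the current user can read,
# then publish the finished file to its final location.
# Usage: private_proxy_init DEST CMD [ARGS...]
#   e.g. private_proxy_init "/tmp/x509up_u$(id -u)" dirac-proxy-init
private_proxy_init() (
    dest=$1
    shift
    # Everything created from here on is owner-only by default.
    umask 077
    # mktemp -d creates the directory with mode 0700.
    workdir=$(mktemp -d) || exit 1
    trap 'rm -rf "$workdir"' EXIT

    X509_USER_PROXY="$workdir/proxy"
    export X509_USER_PROXY

    # The generator writes inside the private directory, so any brief
    # permission window on the file is not reachable by other local users.
    "$@" || exit 1
    [ -s "$X509_USER_PROXY" ] || exit 1
    chmod 600 "$X509_USER_PROXY" || exit 1

    # Stage the copy next to the destination (mktemp creates it 0600),
    # then rename it into place so the destination is never visible with
    # wider permissions or partial content. In a sticky directory such as
    # /tmp the rename fails if another user already owns the destination.
    staged=$(mktemp "$dest.XXXXXX") || exit 1
    if cat "$X509_USER_PROXY" > "$staged" && mv -f "$staged" "$dest"; then
        exit 0
    fi
    rm -f "$staged"
    exit 1
)
```

The function body runs in a subshell, so the umask change and the X509_USER_PROXY export do not leak into the calling shell.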

Weakness Enumeration

Exposure of Resource to Wrong Sphere

Related Identifiers

CVE-2024-29905
GHSA-V6F3-GH5H-MQWX

Affected Products

Dirac