PT-2024-38844 · Cwfs+4 · Cwfs+4
Cinap_Lenrek
+2
·
Published
2024-08-25
·
Updated
2024-09-12
·
CVE-2024-8158
CVSS v4.0
8.8
High
| Vector | AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/AU:N/V:C/RE:L/U:Red |
Name of the Vulnerable Software and Affected Versions:
9front versions prior to commit 9645ae07eb66a59015e3e118d0024790c37400da
Description:
A bug in the 9p authentication implementation within lib9p allows an attacker with an existing valid user within the configured auth server to impersonate any other valid filesystem user. This is due to lib9p not properly verifying that the
uname given in the Tauth and Tattach 9p messages matches the client UID returned from the factotum authentication handshake. The only filesystem making use of these functions within the base 9front systems is the experimental hjfs disk filesystem, other disk filesystems (cwfs and gefs) are not affected by this bug.Recommendations:
For 9front versions prior to commit 9645ae07eb66a59015e3e118d0024790c37400da, update to a version that includes the remediation commit to secure your system. As a temporary workaround, consider restricting access to the experimental hjfs disk filesystem until the update is applied.
Fix
IDOR
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
9Front
Cwfs
Gefs
Hjfs
Lib9P