Security Advisory: Local privilege escalation in Lix and Nix
Summary
Nix and Lix daemon implementations are affected by buffer overflow vulnerabilities that allow a local attacker to gain arbitrary code execution as the daemon user (root in multi-user installations).
The vulnerabilities are identified as:
- Nix: GHSA-vh5x-56v6-4368, CVE ID pending attribution by MITRE.
- Lix: CVE ID pending attribution by MITRE.
This is a coordinated disclosure between the Nix and Lix projects.
Guix is NOT affected by this vulnerability.
Am I affected?
To exploit this issue, a local attacker needs access to talk to the Nix daemon. All systems that allow connections to their daemons are affected. Only users that are allowed to connect to the daemon (via allowed-users and trusted-users) can reliably trigger the issue. Substituters can in theory trigger the issue but cannot make enough attempts to mount attacks in practice.
Additionally, this vulnerability requires ASLR weakening techniques to lead to a compromise.
Fixes
The vulnerabilities are fixed in the following versions:
- Nix:
  - Affected versions: ≥ 2.24.4
  - Fixed versions: 2.34.7, 2.33.6, 2.32.8, 2.31.5, 2.30.5, 2.29.4, 2.28.7
  The Nix security release also includes patches that address an unrelated path traversal vulnerability, GHSA-gr92-w2r5-qw5p (CVE ID pending attribution).
- Lix:
  - Affected versions: ≥ 2.93.0
  - Fixed versions: 2.93.4, 2.94.2, 2.95.2
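To check a host against the version lists above, the following is an added example, not code from the Nix or Lix projects. The function names are hypothetical, and the `nix --version` output format it parses ("nix (Nix) X.Y.Z" and "nix (Lix, like Nix) X.Y.Z") is an assumption; the sample strings in the test are constructed.

```python
import re

# Version data copied from the "Fixes" section of this advisory.
ADVISORY = {
    "Nix": {"first_affected": (2, 24, 4),
            "fixed": ["2.34.7", "2.33.6", "2.32.8", "2.31.5",
                      "2.30.5", "2.29.4", "2.28.7"]},
    "Lix": {"first_affected": (2, 93, 0),
            "fixed": ["2.93.4", "2.94.2", "2.95.2"]},
}

def parse_version_output(text):
    """Return (product, (major, minor, patch)) from `nix --version` output.

    Assumed format: "nix (Nix) 2.28.6" or "nix (Lix, like Nix) 2.93.3".
    Any suffix after the patch number (pre-release tags) is ignored.
    """
    m = re.search(r"\((Lix|Nix)\b[^)]*\)\s+(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return m.group(1), tuple(int(x) for x in m.group(2, 3, 4))

def classify(product, version):
    """Classify a version as 'not affected', 'affected', 'fixed' or 'unknown'."""
    info = ADVISORY[product]
    if version < info["first_affected"]:
        return "not affected"
    # Map each release branch (major, minor) to its first fixed patch level.
    fixed = {}
    for v in info["fixed"]:
        major, minor, patch = (int(x) for x in v.split("."))
        fixed[(major, minor)] = patch
    branch = version[:2]
    if branch in fixed:
        return "fixed" if version[2] >= fixed[branch] else "affected"
    if branch > max(fixed):
        # Newer branch than any listed here: the advisory does not cover it.
        return "unknown"
    # In the affected range, but no fixed release is listed for this branch.
    return "affected"

def check(version_output):
    """Parse the version output and return (product, status)."""
    product, version = parse_version_output(version_output)
    return product, classify(product, version)
```

Run it against the version of the binary that serves the daemon, since that is the process the advisory concerns.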