Lucene search

1d66c9f9-fff2-411a-aa19-ca6312fa25e9NVD:CVE-2024-8158

HistoryAug 25, 2024 - 10:15 p.m.

CVE-2024-8158

2024-08-2522:15:05

CWE-639

1d66c9f9-fff2-411a-aa19-ca6312fa25e9

web.nvd.nist.gov

bug

9p authentication

impersonation

filesystem users

lib9p

factotum authentication

plan 9

9front

commit 9645ae07eb66a59015e3e118d0024790c37400da

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

16.8%

JSON

A bug in the 9p authentication implementation within lib9p allows an attacker with an existing valid user within the configured auth server to impersonate any other valid filesystem user.

This is due to lib9p not properly verifying that the uname given in the Tauth and Tattach 9p messages matches the client UID returned from the factotum authentication handshake.

The only filesystem making use of these functions within the base 9front systems is the experimental hjfs disk filesystem, other disk filesystems (cwfs and gefs) are not affected by this bug.

This bug was inherited from Plan 9 and is present in all versions of 9front and is remedied fully in commit 9645ae07eb66a59015e3e118d0024790c37400da.

Affected configurations

Nvd

Node

9frontlib9pRange<2024-08-24

VendorProductVersionCPE
9frontlib9p*cpe:2.3:a:9front:lib9p:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
9front	lib9p	*	cpe:2.3:a:9front:lib9p::::::::

References

git.9front.org/plan9front/plan9front/07aa9bfeef55ca987d411115adcfbbd4390ecf34/commit.html

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

16.8%

JSON

Related for NVD:CVE-2024-8158