Code Monkey home page Code Monkey logo

mesa's People

Contributors

agd5f avatar airlied avatar amaasikas avatar anholt avatar bnf avatar brianpaul avatar curro avatar cworth-gh avatar dbnicholson avatar gsapountzis avatar ianromanick avatar jrfonseca avatar kaydenl avatar krh avatar luca-barbieri avatar marcheu avatar marekolsak avatar mcencora avatar mostawesomedude avatar nhaehnle avatar olvaffe avatar stereotype441 avatar suokko avatar tstellaramd avatar vadimgirlin avatar versalinyaa avatar wallbraker avatar xhaihao avatar ymanton avatar zackr avatar

Stargazers

avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar

Forkers

ivanagui2 quaerere

mesa's Issues

Vulnerability Report: Path traversal and Code Execution in dlopen via environment variable

Vulnerability Report: Path traversal and Code Execution in dlopen via environment variable

Affected Project & Line:

mesa/src/glx/dri_common.c

Line 140 in 6cb9e99

if (geteuid() == getuid()) {

Summary

Applications using mesa may be vulnerable to attacks where a local attacker could execute arbitrary code through a maliciously crafted library, loaded via the dlopen() function. This could potentially lead to privilege escalation.

Details

The application reads unsanitized data from the environment variable. This tainted path is subsequently used directly by dlopen() without sufficient validation, allowing directory traversal and possibly loading external malicious libraries.

The security check currently implemented using [specific security check, e.g., geteuid() == getuid()] does not adequately protect against this vulnerability.

Reproduction Steps

1. Set the affected environment variable to a path containing a maliciously crafted library.
2. Run the application or initiate the specific function that calls dlopen().
3. Observe that the malicious code within the library gets executed.

Impact

Attackers with local access can load and execute arbitrary code in systems using the affected application. This can lead to data corruption, data theft, and potentially complete system compromise depending on the application's privileges.

Recommendation

• Implement thorough input validation for the paths loaded via the environment variables.
• Use a whitelist of allowed paths or directory names to mitigate the risk of arbitrary directory traversal.
• Drop elevated privileges immediately after they are no longer required.
• Regularly audit and review the code to ensure that all paths from which libraries or other external resources are loaded are properly validated.
• Check and compare the real group ID and the effective group ID with getgid() and getegid()

CVSS Score

High 7.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H]

Root Cause Analysis

The root cause of this vulnerability stems from the lack of input validation when reading paths from environment variables and the subsequent insecure use of such paths with the dlopen() function.

Additional References

https://docs.google.com/document/d/1lRE2lc00WAYa-427crBFO1yBzU7fSUmQIanh9W8Rglo/edit?usp=sharing

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.