Lucene search
AddisoncrumpH1:2094785HistoryAug 03, 2023 - 3:30 p.m.
Internet Bug Bounty: Cargo not respecting umask when extracting crate archives
2023-08-0315:30:18
addisoncrump
hackerone.com
$4660
32
internet bug bounty
cargo
umask
crate archives
cwe-278
file permissions
local attack
arbitrary code
supply chain attack
0.0004 Low
EPSS
Percentile
5.1%
Cargo did not properly protect files in the cargo registry. When an archive contained files which were marked as globally writeable, they would be unpacked as-is and retain their global writeability. This is CWE-278 (not available in HackerOne).
This was discovered as part of a (personal) routine file permissions check:
find / ! -type l -perm -002 -exec ls -alhd {} \;
Impact
A local attacker may inject arbitrary code into the cached files present in the cargo registry. This, in turn, allows for a local attacker to act as the targeted user (when the user compiles the modified code) or to poison prebuilt binaries built by that user and thus have arbitrary code execution against downstream users (supply chain attack).
Related
cve
cve
CVE-2023-38497
2023-08-04 16:15:10
osv
osv
Cargo not respecting umask when extracting crate archives
2023-08-03 16:30:52
CVE-2023-38497
2023-08-04 16:15:10
cargo, rust-cargo vulnerability
2023-08-03 14:30:10
debiancve
debiancve
CVE-2023-38497
2023-08-04 16:15:10
redhat
redhat
(RHSA-2023:4651) Important: rust-toolset-1.66-rust security update
2023-08-15 00:05:25
(RHSA-2023:4635) Important: rust-toolset:rhel8 security update
2023-08-14 13:43:13
(RHSA-2024:3428) Important: rust-toolset:rhel8 security update
2024-05-28 13:07:54
nessus
nessus
AlmaLinux 8 : rust-toolset:rhel8 (ALSA-2023:4635)
2023-08-16 00:00:00
Rocky Linux 9 : rust (RLSA-2023:4634)
2023-08-24 00:00:00
RHEL 9 : rust (RHSA-2023:4634)
2023-08-14 00:00:00
ubuntu
ubuntu
Cargo vulnerability
2023-08-03 00:00:00
amazon
amazon
Important: rust
2023-08-31 22:28:00
cbl_mariner
cbl_mariner
CVE-2023-38497 affecting package rust for versions less than 1.72.0-2
2023-10-11 01:41:59
openvas
openvas
Fedora: Security Advisory for rust (FEDORA-2023-4824704a61)
2023-08-17 00:00:00
openSUSE: Security Advisory for rust1.71 (SUSE-SU-2023:3251-1)
2024-03-04 00:00:00
Fedora: Security Advisory for rust (FEDORA-2023-6f2c7aa713)
2023-08-10 00:00:00
veracode
veracode
Directory Traversal
2023-08-07 05:59:23
fedora
fedora
[SECURITY] Fedora 38 Update: rust-1.71.1-1.fc38
2023-08-10 00:43:17
[SECURITY] Fedora 37 Update: rust-1.71.1-1.fc37
2023-08-17 00:34:26
oraclelinux
oraclelinux
rust security update
2023-08-25 00:00:00
rust-toolset:ol8 security update
2023-08-28 00:00:00
github
github
Cargo not respecting umask when extracting crate archives
2023-08-03 16:30:52
redhatcve
redhatcve
CVE-2023-38497
2023-08-04 11:23:22
alpinelinux
alpinelinux
CVE-2023-38497
2023-08-04 16:15:10
prion
prion
Code injection
2023-08-04 16:15:00
rocky
rocky
rust security update
2023-08-24 04:21:28
rust-toolset:rhel8 security update
2023-08-24 04:21:04
cvelist
cvelist
CVE-2023-38497 Cargo not respecting umask when extracting crate archives
2023-08-04 15:51:44
nvd
nvd
CVE-2023-38497
2023-08-04 16:15:10
almalinux
almalinux
Important: rust security update
2023-08-14 00:00:00
Important: rust-toolset:rhel8 security update
2023-08-14 00:00:00
ubuntucve
ubuntucve
CVE-2023-38497
2023-08-03 00:00:00