October 10, 2023 at 12:07PM – Researcher bags two-for-one deal on Linux bugs while probing GNOME component

Researchers have discovered a high-severity remote code execution (RCE) vulnerability in a component of GNOME-based Linux distros. Tracked as CVE-2023-43641, the flaw lies in the libcue library, which parses cue sheets, and is reached through the tracker-miners application. The vulnerability affects all GNOME-based distros and can be triggered by downloading a malicious .cue file. Exploits have been created for Ubuntu and Fedora, and the issue is believed to be potentially exploitable in other distros. The full proof of concept has not been published, to allow time for patches to be installed.

Key takeaways:

1. Researchers have discovered a high-severity remote code execution (RCE) vulnerability in the libcue library, which is used to parse .cue files in GNOME-based Linux distros.
2. The vulnerability takes advantage of the tracker-miners application, which indexes files so that they appear in search results.
3. The exploit can be triggered by downloading a maliciously crafted .cue file and storing it in a commonly scanned directory.
4. The vulnerability has been proven to work on the latest versions of Ubuntu and Fedora, but it is believed to potentially affect all GNOME-based distros.
5. Kevin Backhouse, a security researcher at GitHub, has successfully created exploits for the vulnerability in Ubuntu and Fedora, and believes that any GNOME-based distro is “potentially exploitable”.
6. The bug is categorized as a memory corruption flaw and has been given a provisional severity rating of 8.8.
7. The issue stems from the way the INDEX syntax of a cue sheet is handled, specifically the lack of integer overflow checks.
8. The exploit allows for an out-of-bounds write, and due to the consistency of each distro’s heap layout, an attacker could compile a zip archive containing files to target multiple distros.
9. Backhouse also discovered a sandbox escape while developing the exploit, which has already been fixed by GNOME’s developers.
10. It is recommended to patch systems with the available updates once they are released to mitigate the vulnerability.
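
The bug class in takeaways 7 and 8, as an added example that is not libcue's code: a parser for a cue sheet INDEX line that validates the index number before using it as an array subscript, so a negative or overflowed value is rejected instead of becoming an out-of-bounds write. The `INDEX nn mm:ss:ff` syntax (75 frames per second) is the real cue format; the `struct track` layout and the field bounds are assumptions for this example.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Cue sheet INDEX numbers are two decimal digits, so 00..99 is the valid range.
 * The struct below is a constructed stand-in, not libcue's real track layout. */
#define MAX_INDEX 99

struct track {
    long index[MAX_INDEX + 1];  /* frame offset per INDEX number, -1 when unset */
};

void track_init(struct track *t) {
    for (int i = 0; i <= MAX_INDEX; i++) t->index[i] = -1;
}

/* Parse a decimal field into [lo, hi]. Rejects a sign, an empty field,
 * trailing garbage and anything that does not fit in a long (ERANGE),
 * so a negative or overflowed value can never reach an array subscript. */
static int parse_bounded_int(const char *s, int lo, int hi, int *out) {
    char *end;
    long v;
    if (*s == '-' || *s == '+') return -1;
    errno = 0;
    v = strtol(s, &end, 10);
    if (errno == ERANGE || end == s || *end != '\0' || v < lo || v > hi) return -1;
    *out = (int)v;
    return 0;
}

/* Parse one "INDEX nn mm:ss:ff" line (75 frames per second) into t->index[nn].
 * Returns 0 on success, -1 if the line is malformed or any field is out of range. */
int parse_index_line(struct track *t, const char *line) {
    char num[8], mm[8], ss[8], ff[8];
    int idx, m, s, f;
    /* Capture the fields as strings first so the range checks apply to each one. */
    if (sscanf(line, "INDEX %7s %7[0-9]:%7[0-9]:%7[0-9]", num, mm, ss, ff) != 4) return -1;
    if (parse_bounded_int(num, 0, MAX_INDEX, &idx) < 0) return -1;  /* the check that makes idx safe */
    if (parse_bounded_int(mm, 0, 999, &m) < 0 ||
        parse_bounded_int(ss, 0, 59, &s) < 0 ||
        parse_bounded_int(ff, 0, 74, &f) < 0) return -1;
    t->index[idx] = (long)(m * 60 + s) * 75 + f;  /* idx is now provably within bounds */
    return 0;
}
```

The constructed inputs `INDEX -1 ...`, `INDEX 100 ...` and an over-long digit string all return -1 and leave the array untouched; only an index in 00..99 is ever written.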

Full Article – https://ift.tt/G7JPvRu