Advisories » MGASA-2024-0356

Updated networkmanager-libreswan packages fix security vulnerability

Publication date: 12 Nov 2024
Modification date: 11 Nov 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-9050

Description

A flaw was found in the libreswan client plugin for NetworkManager
(NetkworkManager-libreswan), where it fails to properly sanitize the VPN
configuration from the local unprivileged user. In this configuration,
composed by a key-value format, the plugin fails to escape special
characters, leading the application to interpret values as keys. One of
the most critical parameters that could be abused by a malicious user is
the "leftupdown" key. This key takes an executable command as a value and
is used to specify what executes as a callback in
NetworkManager-libreswan to retrieve configuration settings back to
NetworkManager. As NetworkManager uses Polkit to allow an unprivileged
user to control the system's network configuration, a malicious actor
could achieve local privilege escalation and potential code execution as
root in the targeted machine by creating a malicious configuration.
(CVE-2024-9050)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=33709
• https://www.openwall.com/lists/oss-security/2024/10/25/1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9050

SRPMS

9/core

• networkmanager-libreswan-1.2.24-1.mga9