Description

Local Root Exploit via Configuration Dictionary in dnf5daemon-server before 5.1.17 allows a malicious user to impact Confidentiality and Integrity via Configuration Dictionary. There are issues with the D-Bus interface long before Polkit is invoked. The `org.rpm.dnf.v0.SessionManager.open_session` method takes a key/value map of configuration entries. A sub-entry in this map, placed under the "config" key, is another key/value map. The configuration values found in it will be forwarded as configuration overrides to the `libdnf5::Base` configuration.  Practically all libdnf5 configuration aspects can be influenced here. Already when opening the session via D-Bus, the libdnf5 will be initialized using these override configuration values. There is no sanity checking of the content of this "config" map, which is untrusted data. It is possible to make the library loading a plug-in shared library under control of an unprivileged user, hence achieving root access. 

INFO

Published Date :

2024-05-08T01:53:34.726Z

Last Modified :

2024-09-17T21:32:39.341Z

Source :

fedora
AFFECTED PRODUCTS

The following products are affected by CVE-2024-1929 vulnerability.

Vendors Products
Fedora
  • Dnf5daemon-server
Rpm
  • Dnf5
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-1929.

URL Resource
https://www.openwall.com/lists/oss-security/2024/03/04/2 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact