The maintainers of the Rust programming language have released a security update for a high-severity vulnerability that could be abused by a malicious party to purge files and directories from a vulnerable system in an unauthorized manner.
“An attacker could use this security issue to trick a privileged program into deleting files and directories the attacker couldn’t otherwise access or delete,” the Rust Security Response working group (WG) said in an advisory published on January 20, 2021.
Rust 1.0.0 through Rust 1.58.0 is affected by this vulnerability. The flaw, which is tracked as CVE-2022-21658 (CVSS score: 7.3), has been credited to security researcher Hans Kratz, with the team pushing out a fix in Rust version 1.58.1 shipped last week.
Specifically, the issue stems from an improperly implemented check to prevent recursive deletion of symbolic links (aka symlinks) in a standard library function named “std::fs::remove_dir_all.” This results in a race condition, which, in turn, could be reliably exploited by an adversary by abusing their access to a privileged program to delete sensitive directories.
“Instead of telling the system not to follow symlinks, the standard library first checked whether the thing it was about to delete was a symlink, and otherwise it would proceed to recursively delete the directory,” the advisory said. Read more: https://bit.ly/3ArDEOO