Vulnerability Description
A security vulnerability that can lead to local privilege escalation has been found in ’guix-daemon’. It affects multi-user setups in which ’guix-daemon’ runs locally. The attack consists in having an unprivileged user spawn a build process, for instance with `guix build`, that makes its build directory world-writable. The user then creates a hardlink to a root-owned file such as /etc/shadow in that build directory. If the user passed the --keep-failed option and the build eventually fails, the daemon changes ownership of the whole build tree, including the hardlink, to the user. At that point, the user has write access to the target file. Versions after and including v0.11.0-3298-g2608e40988, and versions prior to v1.2.0-75109-g94f0312546 are vulnerable.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnu | Guix | >= 0.11.0, < 1.2.0 |
Related Weaknesses (CWE)
References
- https://bugs.gnu.org/47229Issue TrackingMailing ListPatch
- https://guix.gnu.org/en/blog/2021/risk-of-local-privilege-escalation-via-guix-daPatchVendor Advisory
- https://bugs.gnu.org/47229Issue TrackingMailing ListPatch
- https://guix.gnu.org/en/blog/2021/risk-of-local-privilege-escalation-via-guix-daPatchVendor Advisory
FAQ
What is CVE-2021-27851?
CVE-2021-27851 is a vulnerability with a CVSS score of 5.5 (MEDIUM). A security vulnerability that can lead to local privilege escalation has been found in ’guix-daemon’. It affects multi-user setups in which ’guix-daemon’ runs locally. The attack consists in having an...
How severe is CVE-2021-27851?
CVE-2021-27851 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-27851?
Check the references section above for vendor advisories and patch information. Affected products include: Gnu Guix.