The maintainers of the Rust programming language have released a security update for a high-severity vulnerability that could be exploited by a malicious party to purge files and directories from a vulnerable system in an unauthorized manner.
“An attacker could use this security issue to trick a privileged program into deleting files and directories that the attacker could not otherwise access or delete,” the Rust Security Response (WG) Working Group said. noted in one advisory published on January 20, 2021.
Rust 1.0.0 through Rust 1.58.0 is affected by this vulnerability. The fault, which is tracked as CVE-2022-21658 (CVSS score: 7.3), was attributed to security researcher Hans Kratz, the team having proposed a fix in Rust Version 1.58.1 shipped last week.
Specifically, the issue stems from a poorly implemented check to prevent recursive deletion of symbolic links (aka symbolic links) in a standard library function named “std::fs::remove_dir_all”. This results in a race condition, which, in turn, could be reliably exploited by an adversary abusing their access to a privileged program to delete sensitive directories.
“Instead of telling the system not to follow symlinks, the standard library first checked to see if the thing it was about to delete was a symlink, otherwise it would recursively delete the directory” , says the notice. “This exposed a race condition: an attacker could create a directory and replace it with a symbolic link between verification and actual deletion.”
Rust, while not a widely used programming language, has seen an increase in adoption in recent years for its memory-related security guarantees. Last year, Google announced that its open-source version of the Android operating system will add programming language support to avoid memory security bugs.
Comments are closed.