CVE-2024-41111 – BishopFox Sliver Authenticated Remote Code Execution

https://notcve.org/view.php?id=CVE-2024-41111

Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. Sliver version 1.6.0 (prerelease) is vulnerable to RCE on the teamserver by a low-privileged "operator" user. The RCE is as the system root user. The exploit is pretty fun as we make the Sliver server pwn itself. As described in a past issue (#65), "there is a clear security boundary between the operator and server, an operator should not inherently be able to run commands or code on the server." • https://github.com/BishopFox/sliver/commit/5016fb8d7cdff38c79e22e8293e58300f8d3bd57 https://github.com/BishopFox/sliver/issues/65 https://github.com/BishopFox/sliver/pull/1281 https://github.com/BishopFox/sliver/security/advisories/GHSA-hc5w-gxxr-w8x8 https://sliver.sh/docs?name=Multi-player+Mode • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •