CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45593 – Nix affected by unsafe NAR unpacking
https://notcve.org/view.php?id=CVE-2024-45593
Nix is a package manager for Linux and other Unix systems. A bug in Nix 2.24 prior to 2.24.6 allows a substituter or malicious user to craft a NAR that, when unpacked by Nix, causes Nix to write to arbitrary file system locations to which the Nix process has access. This will be with root permissions when using the Nix daemon. This issue is fixed in Nix 2.24.6. • https://github.com/NixOS/nix/commit/eb11c1499876cd4c9c188cbda5b1003b36ce2e59 https://github.com/NixOS/nix/security/advisories/GHSA-h4vv-h3jq-v493 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 3.6EPSS: 0%CPEs: 6EXPL: 0CVE-2024-38531 – Nix sandbox escape
https://notcve.org/view.php?id=CVE-2024-38531
Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can assume the permissions of a Nix daemon worker and hijack all future builds. This issue was patched in version(s) 2.23.1, 2.22.2, 2.21.3, 2.20.7, 2.19.5 and 2.18.4. Nix es un administrador de paquetes para Linux y otros sistemas Unix que hace que la administración de paquetes sea confiable y reproducible. • https://github.com/NixOS/nix/pull/10501 https://github.com/NixOS/nix/security/advisories/GHSA-q82p-44mg-mgh5 • CWE-278: Insecure Preserved Inherited Permissions •
CVSS: 6.3EPSS: 0%CPEs: 4EXPL: 0CVE-2024-27297 – Nix Corruption of fixed-output derivations
https://notcve.org/view.php?id=CVE-2024-27297
Nix is a package manager for Linux and other Unix systems. A fixed-output derivations on Linux can send file descriptors to files in the Nix store to another program running on the host (or another fixed-output derivation) via Unix domain sockets in the abstract namespace. This allows to modify the output of the derivation, after Nix has registered the path as "valid" and immutable in the Nix database. In particular, this allows the output of fixed-output derivations to be modified from their expected content. This issue has been addressed in versions 2.3.18 2.18.2 2.19.4 and 2.20.5. • https://github.com/NixOS/nix/commit/f8170ce9f119e5e6724eb81ff1b5a2d4c0024000 https://github.com/NixOS/nix/security/advisories/GHSA-2ffj-w4mj-pg37 https://hackmd.io/03UGerewRcy3db44JQoWvw • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-17365
https://notcve.org/view.php?id=CVE-2019-17365
Nix through 2.3 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable. Nix versiones hasta 2.3, permite a usuarios locales conseguir acceso a la cuenta de un usuario arbitrario porque el directorio principal de los directorios de perfil de usuario son de tipo world writable. • http://www.openwall.com/lists/oss-security/2019/10/09/4 http://www.openwall.com/lists/oss-security/2019/10/10/1 http://www.openwall.com/lists/oss-security/2019/10/17/3 • CWE-276: Incorrect Default Permissions •