CVE-2024-2746 – Incomplete fix for CVE-2024-1929

https://notcve.org/view.php?id=CVE-2024-2746

Incomplete fix for CVE-2024-1929 The problem with CVE-2024-1929 was that the dnf5 D-Bus daemon accepted arbitrary configuration parameters from unprivileged users, which allowed a local root exploit by tricking the daemon into loading a user controlled "plugin". All of this happened before Polkit authentication was even started. The dnf5 library code does not check whether non-root users control the directory in question.  On one hand, this poses a Denial-of-Service attack vector by making the daemonoperate on a blocking file (e.g. named FIFO special file) or a very large file that causes an out-of-memory situation (e.g. /dev/zero). On the other hand, this can be used to let the daemon process privileged files like /etc/shadow. The file in question is parsed as an INI file. Error diagnostics resulting from parsing privileged files could cause information leaks, if these diagnostics are accessible to unprivileged users. • https://github.com/xct/CVE-2024-27460 https://github.com/Alaatk/CVE-2024-27460 https://github.com/Alaatk/CVE-2024-27462 https://github.com/10cks/CVE-2024-27460-installer https://www.openwall.com/lists/oss-security/2024/04/03/5 • CWE-20: Improper Input Validation •