CVE-2024-32019

ndsudo: local privilege escalation via untrusted search path

Severity Score

8.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

Netdata is an open source observability tool. In affected versions the `ndsudo` tool shipped with affected versions of the Netdata Agent allows an attacker to run arbitrary programs with root permissions. The `ndsudo` tool is packaged as a `root`-owned executable with the SUID bit set. It only runs a restricted set of external commands, but its search paths are supplied by the `PATH` environment variable. This allows an attacker to control where `ndsudo` looks for these commands, which may be a path the attacker has write access to. This may lead to local privilege escalation. This vulnerability has been addressed in versions 1.45.3 and 1.45.2-169. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Netdata es una herramienta de observabilidad de código abierto. En las versiones afectadas, la herramienta `ndsudo` incluida con las versiones afectadas del Netdata Agent permite a un atacante ejecutar programas arbitrarios con permisos de root. La herramienta `ndsudo` está empaquetada como un ejecutable propiedad de `root` con el bit SUID configurado. Solo ejecuta un conjunto restringido de comandos externos, pero sus rutas de búsqueda las proporciona la variable de entorno `PATH`. Esto permite a un atacante controlar dónde busca `ndsudo` estos comandos, que puede ser una ruta a la que el atacante tiene acceso de escritura. Esto puede conducir a una escalada de privilegios locales. Esta vulnerabilidad se ha solucionado en las versiones 1.45.3 y 1.45.2-169. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad.

*Credits: N/A

CVSS Scores

GitHubv3.1 8.8

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

Poc

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2024-04-09 CVE Reserved
2024-04-12 CVE Published
2024-04-13 EPSS Updated
2024-09-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-426: Untrusted Search Path

CAPEC

References (2)

URL	Tag	Source
https://github.com/netdata/netdata/pull/17377	X_refsource_misc
https://github.com/netdata/netdata/security/advisories/GHSA-pmhq-4cxq-wj93	X_refsource_confirm

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Netdata Search vendor "Netdata"		Netdata Search vendor "Netdata" for product "Netdata"				>= 1.45.0 < 1.45.3 Search vendor "Netdata" for product "Netdata" and version " >= 1.45.0 < 1.45.3"		en		Affected
Netdata Search vendor "Netdata"		Netdata Search vendor "Netdata" for product "Netdata"				>= 1.44.0 < 1.45.0 Search vendor "Netdata" for product "Netdata" and version " >= 1.44.0 < 1.45.0"		en		Affected