Red Hat Warns of Privilege Escalation Flaw CVE-2024-9050 in NetworkManager-libreswan


A newly discovered vulnerability in the libreswan client plugin for NetworkManager could allow attackers to gain root access on Red Hat Enterprise Linux 9 systems.

Red Hat has issued a security advisory warning of a high-severity vulnerability (CVE-2024-9050) in the NetworkManager-libreswan package. This flaw could allow a local attacker to escalate their privileges and execute arbitrary code with root privileges.

The vulnerability stems from improper sanitization of VPN configurations. “In this configuration, composed by a key-value format, the plugin fails to escape special characters, leading the application to interpret values as keys,” explains the Red Hat security bulletin. This allows an attacker to manipulate the leftupdown parameter, which executes a command as a callback. By injecting malicious commands, an attacker can bypass security measures and gain complete control of the system.
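
The bug class described above, as an added example that is not Red Hat's or the plugin's code: a simplified model of a line-oriented key=value writer, showing how an unescaped newline turns part of a value into a separate key, next to a strict writer that rejects control characters. The function names, the sample settings and the reject-rather-than-escape policy are assumptions made for illustration.

```python
import re

# Characters that can end a line (or otherwise confuse a line-oriented parser).
_UNSAFE = re.compile(r"[\x00-\x1f\x7f]")


def render_naive(settings):
    """Models the flawed pattern: values written verbatim, one key=value per line."""
    return "".join(f"{k}={v}\n" for k, v in settings.items())


def parse(text):
    """Line-oriented reader, as a consumer of the generated file would see it."""
    out = {}
    for line in text.split("\n"):
        if "=" in line:
            key, value = line.split("=", 1)
            out[key.strip()] = value
    return out


def find_unsafe(settings):
    """Return the names of settings whose key or value holds a control character."""
    return sorted(k for k, v in settings.items()
                  if _UNSAFE.search(k) or _UNSAFE.search(v))


def render_strict(settings):
    """Hardened writer: refuse any setting that could start a new line."""
    bad = find_unsafe(settings)
    if bad:
        raise ValueError("control character in setting(s): " + ", ".join(bad))
    return render_naive(settings)


# Constructed sample: one user-supplied value carries an embedded newline.
SAMPLE = {"right": "vpn.example.test", "leftid": "alice\nextra_key=injected"}

if __name__ == "__main__":
    print(parse(render_naive(SAMPLE)))  # extra_key shows up as its own key
    print(find_unsafe(SAMPLE))          # the setting that should be rejected
    try:
        render_strict(SAMPLE)
    except ValueError as exc:
        print("rejected:", exc)
```

The same `find_unsafe` check can be run over stored VPN settings to flag profiles whose values contain line breaks.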

“This issue is marked with an Important severity due to its potential to enable local privilege escalation and arbitrary code execution,” Red Hat states. The vulnerability is particularly concerning because NetworkManager utilizes Polkit to allow unprivileged users to manage network settings. This mechanism, intended for user convenience, inadvertently provides an attack vector for exploiting this flaw.

Red Hat has addressed CVE-2024-9050 in Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Users are urged to update their systems immediately.

While a complete fix is available, Red Hat also suggests a mitigation strategy for those unable to immediately patch their systems: “One potential approach is to prevent local users from controlling networking through polkit. However, this would also block them from connecting to new Wi-Fi networks, which is not ideal for laptops but might be acceptable for workstations. Server customers typically don’t need to be concerned, as they generally don’t have local users capable of exploiting the bug.”
