This repository has been archived by the owner on Dec 28, 2023. It is now read-only.

Privilege Escalation Vulnerability by wrong chmod param

Moderate

4ra1n published GHSA-2g28-xrw6-fq5f

Nov 21, 2022

Package

super-xray (super-xray)

Affected versions

0.2-beta

Patched versions

0.3-beta

Description

Severity

安全级别：Moderate
攻击向量：本地
攻击复杂度：高
需要权限：高
用户交互：无
范围：无更改
机密性影响：高
完整性影响：高
可用性影响：高

Vendor

super-xray

Versions Affected

0.3-beta

Description

由于错误地默认将xray变成777权限，导致权限提升漏洞

注意：仅影响Linux和Mac OS系统

    public static void chmod(String path) {
        String[] chmodCmd = new String[]{"/bin/chmod", "777", path};
        exec(chmodCmd);
    }

Mitigation

users should upgrade to super-xray 0.3-beta

Credit

This issue was reported in github issues.

Severity

Moderate

/ 10

CVSS v3 base metrics

Attack vector

Local

Attack complexity

High

Privileges required

High

User interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H