Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Nix sandbox escape: file write via symlink at FOD `.tmp` copy destination
Vulnerability Description
Nix is a package manager for Linux and other Unix systems. A bug in the fix for CVE-2024-27297 allowed for arbitrary overwrites of files writable by the Nix process orchestrating the builds (typically the Nix daemon running as root in multi-user installations) by following symlinks during fixed-output derivation output registration. This affects sandboxed Linux builds - sandboxed macOS builds are unaffected. The location of the temporary output used for the output copy was located inside the build chroot. A symlink, pointing to an arbitrary location in the filesystem, could be created by the derivation builder at that path. During output registration, the Nix process (running in the host mount namespace) would follow that symlink and overwrite the destination with the derivation's output contents. In multi-user installations, this allows all users able to submit builds to the Nix daemon (allowed-users - defaulting to all users) to gain root privileges by modifying sensitive files. This vulnerability is fixed in 2.34.5, 2.33.4, 2.32.7, 2.31.4, 2.30.4, 2.29.3, and 2.28.6.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
Vulnerability Type
CWE-61
Vulnerability Title
Nix 安全漏洞
Vulnerability Description
Nix是Nix开源的一个包管理器。 Nix 2.34.5之前版本、2.33.4之前版本、2.32.7之前版本、2.31.4之前版本、2.30.4之前版本、2.29.3之前版本和2.28.6之前版本存在安全漏洞,该漏洞源于符号链接处理不当,可能导致任意文件覆盖和权限提升。
CVSS Information
N/A
Vulnerability Type
N/A