A critical security vulnerability has been discovered in Red Hat’s NetworkManager-libreswan plugin, identified as CVE-2024-9050. The flaw allows local attackers to escalate privileges and potentially gain root access to Linux systems. With a CVSS base score of 7.8, the vulnerability is classified as highly severe, underscoring the urgency for organizations to address it promptly. The issue stems from the plugin’s failure to properly sanitize VPN configurations supplied by local users; the danger centres on the leftupdown parameter, whose value is a command that libreswan executes.
The root cause is improper handling of special characters in the key-value format used for the VPN configuration settings. A value containing such characters can be interpreted as a key rather than as data, letting an attacker inject a leftupdown entry whose value is then executed as an arbitrary command. This flaw is particularly concerning because NetworkManager uses Polkit to let unprivileged users manage network configurations. Consequently, an attacker with local access could leverage this vulnerability to execute malicious code with root-level privileges.
Affected systems include various versions of Red Hat Enterprise Linux, such as Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions and Red Hat Enterprise Linux Server AUS 7.7. Multiple architectures are impacted, including x86_64, ppc64le, aarch64, and s390x. In response, Red Hat has classified this vulnerability as “Important” and released security patches through advisories RHSA-2024:8312 and RHSA-2024:8338. System administrators are strongly encouraged to update affected systems to mitigate the risks associated with this flaw.
While patches are available, organizations unable to apply them immediately may consider temporary mitigation strategies, such as restricting local users’ ability to control networking through Polkit. However, this could impact functionality, particularly for laptop users. It is vital for organizations utilizing affected Red Hat systems to prioritize these updates, reinforcing the importance of input sanitization and effective privilege management in network-related software components to safeguard against potential exploitation.
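The Polkit-based mitigation mentioned above can be expressed as a polkit rules file; the one below is an added example, not code from the advisory or from NetworkManager. It assumes the administrators’ group is named wheel and that the file is installed as /etc/polkit-1/rules.d/10-nm-restrict.rules (both are constructed choices); the action identifiers are NetworkManager’s real Polkit actions, and the small shim and the evaluate() helper exist only so the decision logic can be exercised outside polkitd.

```javascript
// polkitd evaluates .rules files as JavaScript and supplies the global `polkit`
// object. The shim below stands in for it only when this file is loaded outside
// polkitd (e.g. under node) so the rule's decision logic can be tested.
if (typeof polkit === "undefined") {
  var polkit = {
    Result: { NO: "no", NOT_HANDLED: null },
    _rules: [],
    addRule: function (fn) { this._rules.push(fn); },
    log: function () {}
  };
}

// NetworkManager actions that allow a user to create or edit connection
// profiles, including VPN (libreswan) profiles whose values reach the plugin.
var NM_MODIFY_ACTIONS = [
  "org.freedesktop.NetworkManager.settings.modify.own",
  "org.freedesktop.NetworkManager.settings.modify.system"
];

// Deny profile creation/modification to anyone outside the admin group
// (assumed here to be "wheel"); every other action falls through to the
// default policy, so activating existing connections is unaffected.
polkit.addRule(function (action, subject) {
  if (NM_MODIFY_ACTIONS.indexOf(action.id) !== -1 && !subject.isInGroup("wheel")) {
    polkit.log("denied " + action.id + " for user " + subject.user);
    return polkit.Result.NO;
  }
  return polkit.Result.NOT_HANDLED;
});

// Stand-alone helper (not used by polkitd): runs the registered rules the way
// polkitd does, stopping at the first rule that returns a definite result.
function evaluate(actionId, groups) {
  var action = { id: actionId };
  var subject = {
    user: "testuser",
    isInGroup: function (g) { return groups.indexOf(g) !== -1; }
  };
  for (var i = 0; i < polkit._rules.length; i++) {
    var result = polkit._rules[i](action, subject);
    if (result !== polkit.Result.NOT_HANDLED) { return result; }
  }
  return polkit.Result.NOT_HANDLED;
}
```

Because the rule blocks all profile edits for non-admin users, including Wi-Fi profiles, it carries exactly the usability cost for laptop users noted above.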