Incorrect User Management Affecting github.com/ubuntu/authd/internal/services/nss package, versions *


Severity

Recommended
0.0
high
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.04% (11th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-GOLANG-GITHUBCOMUBUNTUAUTHDINTERNALSERVICESNSS-8185034
  • published14 Oct 2024
  • disclosed11 Oct 2024
  • creditnbraud

Introduced: 11 Oct 2024

CVE-2024-9312  (opens in a new tab)
CWE-286  (opens in a new tab)

How to fix?

There is no fixed version for github.com/ubuntu/authd/internal/services/nss.

Overview

github.com/ubuntu/authd/internal/services/nss is an implementation of the NSS gRPC service protocol

Affected versions of this package are vulnerable to Incorrect User Management in users/manager.go and nss.go, which implement GenerateID() for UIDs and GIDs. This function is prone to collisions and can be attacked by offline brute forcing of UIDs to impersonate a legitimate user and escalate privileges.

Note:

This vulnerability was mitigated in version 0.3.6 by making the UID/GID ranges configurable, so administrators can make sure that the ranges don't overlap with the ranges used by other system components. Even if this responsibility was moved to administrators, the default range is still 1000000000-1999999999 and if it is not changed, a Generated UID can still be used by another user on the system.

References

CVSS Scores

version 4.0
version 3.1