Improper Privilege Management in nixos/nix | CVE-2024-38531

Q: How to fix?

Upgrade nixos/nix to version 2.18.0, 2.19.0, 2.20.0, 2.21.0, 2.22.0, 2.23.0 or higher.

Threat Intelligence

0.04% (12^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-UNMANAGED-NIXOSNIX-7411841
published28 Jun 2024
disclosed28 Jun 2024
creditUnknown

Report a new vulnerability Found a mistake?

Introduced: 28 Jun 2024

CVE-2024-38531 (opens in a new tab) CWE-278 (opens in a new tab)

How to fix?

Upgrade nixos/nix to version 2.18.0, 2.19.0, 2.20.0, 2.21.0, 2.22.0, 2.23.0 or higher.

Overview

Affected versions of this package are vulnerable to Improper Privilege Management through the build process. An attacker can escalate privileges and hijack all future builds by creating a setuid binary in a globally accessible location and assuming the permissions of a Nix daemon worker.

Notes:

The following conditions must be met:

The local user has access to the Nix daemon.
Seccomp is disabled, meaning that the sandbox is disabled or filter-syscalls if set to false on Linux, or seccomp is ineffective.

Workaround

If Nix version is >= 2.22, set build-dir to a location that is only accessible by root( #10312 )
Run your Nix daemon with $TMPDIR set to a location only accessible by root.

References

GitHub PR

CVSS Scores

version 4.0

version 3.1

Attack Vector (AV)
Local
Attack Complexity (AC)
Low
Attack Requirements (AT)
Present
Privileges Required (PR)
Low
User Interaction (UI)
None

Confidentiality (VC)
None
Integrity (VI)
Low
Availability (VA)
Low

Confidentiality (SC)
None
Integrity (SI)
None
Availability (SA)
None

Improper Privilege Management Affecting nixos/nix package, versions [,2.18.0)[,2.19.0)[,2.20.0)[,2.21.0)[,2.22.0)[,2.23.0)

Severity