CVE-2022-21825 Local privilege escalation is possible with Citrix Workspace App for Linux 2012 - 2111 and App Protection installed.

An attacker must be able to run code locally to exploit this vulnerability. This vulnerability can be exploited by an unauthenticated attacker. End users cannot exploit this vulnerability.

The following versions are vulnerable:

Workspace app for Linux 2012 - 2111
Workspace app for Linux 2012 - 2110
Workspace app for Linux 2012 - 2109
Workspace app for Linux 2012 - 2108
Workspace app for Linux 2012 - 2107
Workspace app for Linux 2012 - 2106
Workspace app for Linux 2012 - 2105
Workspace app for Linux 2012 - 2104
Workspace app for Linux 2012 - 2103
Workspace app for Linux 2012 - 2102
Workspace app for Linux 2012 - 2101
Workspace app for Linux 2012 - 2100
Workspace app for Linux 2012 - 2099
Workspace app for Linux 2012 - 2098
Workspace app for Linux 2012 - 2097
Workspace app for Linux 2012 - 2096
Workspace app for Linux 2012 - 2095
Workspace app for Linux 2012 - 2094
Workspace app for Linux 2012 - 2093
Workspace app for Linux 2012 - 2092
Workspace app for Linux 2012 - 2091
Workspace app for Linux 2012 - 2090
Workspace app for Linux 2012 - 2089
Workspace app for Linux 2012 - 2088
Workspace app for Linux 2012 - 2087
Workspace app for Linux 2012 - 2086
Workspace app for Linux 2012 - 2085
Workspace

Bug Description

A vulnerability in the Workspace app for Linux 2.12-2.11-1 could allow an unauthenticated attacker to execute arbitrary code on the system by inserting a malicious script into the workspace folder. The cause is a type confusion in sandboxing: the sandboxed process attempts to rely on its own token, which leads to memory corruption and remote code execution.

Update Workspace app for Linux

The Workspace app for Linux 2012 - 2111, Workspace app for Linux 2012 - 2110, Workspace app for Linux 2012 - 2109, Workspace app for Linux 2012 - 2108, Workspace app for Linux 2012 - 2107, and Workspace app for Linux 2012 - 2106 were found to be vulnerable to CVE-2022-21825. To update the Workspace app for Linux to a version that is not vulnerable, use the following steps:
1) Open the Workspace Client and select Help > Install New Version.
2) Select "Workspace client".
3) Select "Linux" from the platform selection dialog box.
4) Enter "CVE-2022-21825" in the search field in order to find your specific version of the workspace client.
5) Click on "Update Now" and then restart your system after updating it.

Overview

This advisory reports a vulnerability in the Workspace app for Linux. An attacker must be able to run code locally to exploit this vulnerability. This vulnerability can be exploited by an unauthenticated attacker. End users cannot exploit this vulnerability.

The following versions are vulnerable:

Workspace app for Linux 2012 - 2111
Workspace app for Linux 2012 - 2110
Workspace app for Linux 2012 - 2109
Workspace app for Linux 2012 - 2108
Workspace app for Linux 2012 - 2107
Workspace app for Linux 2012 - 2106
Workspace app for Linux 2012 - 2105
Workspace app for Linux 2012 - 2104
Workspace app for Linux 2012 - 2103
Workspace app for Linux 2012 - 2102
Workspace app for Linux 2012 - 2101
Workspace app for Linux 2012 - 2100

Workspace, Inc. has released a firmware update that fixes the issue described in CVE-2022-21825.
