CVE-2018-10914 Enlightenment before 0.25.4 is vulnerable to a local privilege escalation via a crafted X application that has a directory that is a dev/.. device.

CVE-2018-10915 Enlightenment before 0.25.4 has an issue in the handling of images that could result in local privilege escalation. It mishandles filenames that begin with a /dev/.. substring.

CVE-2018-10916 The system library function in Enlightenment before 0.25.4 fails to correctly handle pathnames that begin with a /dev/.. substring, which allows local users to gain privileges via a crafted X application.

CVE-2018-10917 The system library function in Enlightenment before 0.25.4 mishandles pathnames that begin with a /dev/.. substring, which allows local users to gain privileges via a crafted X application.

CVE-2018-10919 The system library function in Enlightenment before 0.25.4 fails to correctly handle paths that begin with a /dev/.. substring, which allows local users to gain privileges via a crafted X application.

CVE-2018-10920 The system library function in Enlightenment before 0.25.4 mishandles pathnames that begin with a /dev/.. substring, which allows local users to gain privileges via a crafted X application.

CVE-2018-10921 The system library function in Enlightenment before 0.25.4

How does this work?

A local privilege escalation occurs when an attacker gains elevated privileges on a system.

A local privilege escalation may occur due to the lack of proper validation and sanitization within the programming language's runtime library. When a file is created, it must be marked as executable before it can run. However, if a file name begins with a device name (for example: "/dev/./.."), then the file will be executed with permissions of that device rather than that of the current user. In this case, many programs will not catch this error and allow attackers to take advantage of their elevated privileges.
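The validation gap described above, shown as an added example that is not Enlightenment's code: a check that trusts any pathname starting with "/dev/" accepts "/dev/../..." paths that resolve outside /dev, while normalizing first rejects them. The function names and sample paths are constructed for illustration, and the normalizer is purely lexical (it does not resolve symlinks, which realpath(3) would).

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical naive check: trusts any path that merely starts with "/dev/". */
static int naive_is_dev_path(const char *path) {
    return strncmp(path, "/dev/", 5) == 0;
}

/* Lexically collapse "//", "." and ".." in an absolute path.
 * Returns 0 on success, -1 if the path is relative or does not fit in out. */
static int normalize_abs(const char *path, char *out, size_t outsz) {
    size_t len = 0;
    const char *p = path;
    if (path[0] != '/' || outsz < 2) return -1;
    while (*p) {
        while (*p == '/') p++;                 /* skip repeated slashes */
        const char *seg = p;
        while (*p && *p != '/') p++;
        size_t n = (size_t)(p - seg);
        if (n == 0 || (n == 1 && seg[0] == '.')) continue;
        if (n == 2 && seg[0] == '.' && seg[1] == '.') {
            while (len > 0 && out[--len] != '/') { }   /* drop last component */
            continue;
        }
        if (len + 1 + n + 1 > outsz) return -1;
        out[len++] = '/';
        memcpy(out + len, seg, n);
        len += n;
    }
    if (len == 0) out[len++] = '/';            /* everything collapsed to root */
    out[len] = '\0';
    return 0;
}

/* Hardened check: normalize first, then require the result to sit under /dev. */
static int strict_is_dev_path(const char *path) {
    char canon[4096];
    if (normalize_abs(path, canon, sizeof canon) != 0) return 0;
    return strncmp(canon, "/dev/", 5) == 0;
}

int main(void) {
    /* Constructed sample inputs. */
    const char *samples[] = { "/dev/sda1", "/dev/../tmp/x", "/dev/./..", "/dev//null" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-16s naive=%d strict=%d\n", samples[i],
               naive_is_dev_path(samples[i]), strict_is_dev_path(samples[i]));
    return 0;
}
```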

This vulnerability is present in all versions of Enlightenment 0.25

Timeline

Published on: 12/25/2022 19:15:00 UTC
Last modified on: 01/04/2023 20:30:00 UTC
