In today's post, we discuss CVE-2024-25763, a Use-After-Free vulnerability discovered in openNDS 10.2.. openNDS (Network Detection System) is a widely used open-source software package that helps administrators provide a secure and controlled browsing experience for public Wi-Fi networks. Left unaddressed, the vulnerability can be exploited by malicious actors to gain unauthorized access to sensitive information or even control of affected systems.

Vulnerability Overview

The vulnerability lies in the /openNDS/src/auth.c file in openNDS 10.2., specifically in the process_unknown_request() function. This function improperly manages memory allocation during authentication when handling external HTTP requests, causing a Use-After-Free issue. By sending crafted HTTP requests, attackers can potentially execute arbitrary code or cause a denial of service.

Code Snippet: Vulnerable Function

Below is a snippet from the function in question within the /openNDS/src/auth.c file, showcasing the vulnerable portion of code.

void process_unknown_request(request *r) {
	...
	while ((option_row = get_option(r->client_params)) != NULL) {
		...
		if (!strcmp(name, "redir")) {
			... // Assignments
			free(name);
		} else {
			...
			free(name);
		}
	}
	...
}

Exploit Details

An attacker who can send specially crafted HTTP requests to the system running openNDS can potentially exploit this vulnerability. To do so, they must send an HTTP request with a crafted "redir" parameter that manipulates the process_unknown_request() function. This may trigger the Use-After-Free error by attempting to free the memory associated with the name variable twice. This can ultimately lead to arbitrary code execution or the triggering of a denial of service in openNDS systems.

Mitigations

To mitigate this vulnerability, administrators should immediately update their openNDS installations to the latest version or apply hotfixes provided by the developers. It is crucial to always stay up to date with the latest security patches and advisories to reduce the risk of exposure to newly discovered vulnerabilities.
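
For developers, a defensive ownership pattern for a parameter loop shaped like the one in the snippet above, as an added example (not openNDS code and not the project's fix): name is released at a single point per iteration and then cleared, and the redir value is copied before its source buffer goes away. The names dup_n and extract_redir and the sample query string are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not openNDS code): heap copy of n bytes, NUL-terminated. */
static char *dup_n(const char *s, size_t n)
{
	char *p = malloc(n + 1);
	if (p != NULL) {
		memcpy(p, s, n);
		p[n] = '\0';
	}
	return p;
}

/* Walk a "name=value&name=value" string and return a heap copy of the last
 * "redir" value, or NULL if there is none. The caller frees the result. */
char *extract_redir(const char *query)
{
	char *redir = NULL;
	while (query != NULL && *query != '\0') {
		const char *end = strchr(query, '&');
		size_t row_len = end ? (size_t)(end - query) : strlen(query);
		const char *eq = memchr(query, '=', row_len);
		size_t name_len = eq ? (size_t)(eq - query) : row_len;
		char *name = dup_n(query, name_len); /* owned by this iteration */
		if (name == NULL)
			break;
		if (eq != NULL && strcmp(name, "redir") == 0) {
			/* Keep an independent copy of the value: nothing retained past
			 * this iteration may point into a buffer released below. */
			free(redir); /* drop the value of an earlier duplicate */
			redir = dup_n(eq + 1, row_len - name_len - 1);
		}
		/* One release point for every branch, then clear the pointer so
		 * a stray second free() becomes a harmless free(NULL). */
		free(name);
		name = NULL;
		query = end ? end + 1 : NULL;
	}
	return redir;
}

int main(void)
{
	/* Constructed sample input, not taken from a real request. */
	char *r = extract_redir("foo=bar&redir=http%3A%2F%2Fexample.test%2F");
	printf("redir=%s\n", r ? r : "(none)");
	free(r);
	return 0;
}
```

Building the same code with AddressSanitizer (-fsanitize=address in GCC or Clang) during testing reports use-after-free and double-free errors at the faulting access.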

Conclusion

In summary, CVE-2024-25763 is a Use-After-Free vulnerability in openNDS 10.2., arising from improper memory handling in the /openNDS/src/auth.c file. Attackers can potentially exploit this vulnerability, leading to arbitrary code execution or denial of service. To safeguard their systems, administrators must ensure that they swiftly apply the latest patches and adhere to best security practices.

Stay tuned for more information about emerging vulnerabilities and software security issues, and always remember to keep your systems up-to-date and secured against potential threats.

Timeline

Published on: 02/26/2024 16:27:59 UTC
Last modified on: 02/26/2024 16:32:25 UTC