CVE-2024-42381 - OpenCVE

os/linux/elf.rb in Homebrew brew before 4.2.20 uses ldd to load ELF files obtained from untrusted sources, which allows attackers to achieve code execution via an ELF file with a custom .interp section. NOTE: this code execution would occur during an un-sandboxed binary relocation phase, which occurs before a user would expect execution of downloaded package content. (237d1e783f7ee261beaba7d3f6bde22da7148b0a was the tested vulnerable version.)

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Homebrew	Brew

No data.

No data.

References

Link	Providers
https://blog.trailofbits.com/2024/07/30/our-audit-of-homebrew/
https://brew.sh/2024/07/30/homebrew-security-audit/
https://github.com/Homebrew/brew/commit/916b37388d3851a8a93a8e9b4adc38873680ead7
https://github.com/Homebrew/brew/pull/17136
https://github.com/Homebrew/brew/releases/tag/4.2.20
https://github.com/Homebrew/brew/tree/237d1e783f7ee261beaba7d3f6bde22da7148b0a
https://github.com/trailofbits/publications/blob/master/reviews/2023-08-28-homebrew-securityreview.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-07-31T00:00:00

Updated: 2024-07-31T17:03:46.038Z

Reserved: 2024-07-31T00:00:00

Link: CVE-2024-42381

Vulnrichment

Updated: 2024-07-31T17:03:38.967Z

NVD

Status : Awaiting Analysis

Published: 2024-07-31T06:15:02.130

Modified: 2024-08-01T13:59:22.207

Link: CVE-2024-42381

Redhat

No data.

{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-42381", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-07-31T17:03:46.038Z", "dateReserved": "2024-07-31T00:00:00", "datePublished": "2024-07-31T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-07-31T05:40:14.432678"}, "descriptions": [{"lang": "en", "value": "os/linux/elf.rb in Homebrew brew before 4.2.20 uses ldd to load ELF files obtained from untrusted sources, which allows attackers to achieve code execution via an ELF file with a custom .interp section. NOTE: this code execution would occur during an un-sandboxed binary relocation phase, which occurs before a user would expect execution of downloaded package content. (237d1e783f7ee261beaba7d3f6bde22da7148b0a was the tested vulnerable version.)"}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/Homebrew/brew/tree/237d1e783f7ee261beaba7d3f6bde22da7148b0a"}, {"url": "https://github.com/trailofbits/publications/blob/master/reviews/2023-08-28-homebrew-securityreview.pdf"}, {"url": "https://blog.trailofbits.com/2024/07/30/our-audit-of-homebrew/"}, {"url": "https://brew.sh/2024/07/30/homebrew-security-audit/"}, {"url": "https://github.com/Homebrew/brew/commit/916b37388d3851a8a93a8e9b4adc38873680ead7"}, {"url": "https://github.com/Homebrew/brew/releases/tag/4.2.20"}, {"url": "https://github.com/Homebrew/brew/pull/17136"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:C/UI:R", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-830", "lang": "en", "description": "CWE-830 Inclusion of Web Functionality from an Untrusted Source"}]}], "affected": [{"vendor": "homebrew", "product": "brew", "cpes": ["cpe:2.3:a:homebrew:brew:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "4.2.20", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-31T16:56:17.154538Z", "id": "CVE-2024-42381", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-31T17:03:46.038Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42381", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-31T16:56:17.154538Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:homebrew:brew:*:*:*:*:*:*:*:*"], "vendor": "homebrew", "product": "brew", "versions": [{"status": "affected", "version": "0", "lessThan": "4.2.20", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-830", "description": "CWE-830 Inclusion of Web Functionality from an Untrusted Source"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-31T17:03:38.967Z"}}], "cna": {"metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:C/UI:R", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/Homebrew/brew/tree/237d1e783f7ee261beaba7d3f6bde22da7148b0a"}, {"url": "https://github.com/trailofbits/publications/blob/master/reviews/2023-08-28-homebrew-securityreview.pdf"}, {"url": "https://blog.trailofbits.com/2024/07/30/our-audit-of-homebrew/"}, {"url": "https://brew.sh/2024/07/30/homebrew-security-audit/"}, {"url": "https://github.com/Homebrew/brew/commit/916b37388d3851a8a93a8e9b4adc38873680ead7"}, {"url": "https://github.com/Homebrew/brew/releases/tag/4.2.20"}, {"url": "https://github.com/Homebrew/brew/pull/17136"}], "descriptions": [{"lang": "en", "value": "os/linux/elf.rb in Homebrew brew before 4.2.20 uses ldd to load ELF files obtained from untrusted sources, which allows attackers to achieve code execution via an ELF file with a custom .interp section. NOTE: this code execution would occur during an un-sandboxed binary relocation phase, which occurs before a user would expect execution of downloaded package content. (237d1e783f7ee261beaba7d3f6bde22da7148b0a was the tested vulnerable version.)"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-07-31T05:40:14.432678"}}}, "cveMetadata": {"cveId": "CVE-2024-42381", "state": "PUBLISHED", "dateUpdated": "2024-07-31T17:03:46.038Z", "dateReserved": "2024-07-31T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-07-31T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "os/linux/elf.rb in Homebrew brew before 4.2.20 uses ldd to load ELF files obtained from untrusted sources, which allows attackers to achieve code execution via an ELF file with a custom .interp section. NOTE: this code execution would occur during an un-sandboxed binary relocation phase, which occurs before a user would expect execution of downloaded package content. (237d1e783f7ee261beaba7d3f6bde22da7148b0a was the tested vulnerable version.)"}, {"lang": "es", "value": " os/linux/elf.rb en Homebrew Brew anterior a 4.2.20 usa ldd para cargar archivos ELF obtenidos de fuentes no confiables, lo que permite a los atacantes lograr la ejecuci\u00f3n de c\u00f3digo a trav\u00e9s de un archivo ELF con una secci\u00f3n .interp personalizada. NOTA: la ejecuci\u00f3n de este c\u00f3digo ocurrir\u00eda durante una fase de reubicaci\u00f3n binaria sin espacio aislado, que ocurre antes de que un usuario espere la ejecuci\u00f3n del contenido del paquete descargado. (237d1e783f7ee261beaba7d3f6bde22da7148b0a fue la versi\u00f3n vulnerable probada)."}], "id": "CVE-2024-42381", "lastModified": "2024-08-01T13:59:22.207", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 6.0, "source": "cve@mitre.org", "type": "Secondary"}]}, "published": "2024-07-31T06:15:02.130", "references": [{"source": "cve@mitre.org", "url": "https://blog.trailofbits.com/2024/07/30/our-audit-of-homebrew/"}, {"source": "cve@mitre.org", "url": "https://brew.sh/2024/07/30/homebrew-security-audit/"}, {"source": "cve@mitre.org", "url": "https://github.com/Homebrew/brew/commit/916b37388d3851a8a93a8e9b4adc38873680ead7"}, {"source": "cve@mitre.org", "url": "https://github.com/Homebrew/brew/pull/17136"}, {"source": "cve@mitre.org", "url": "https://github.com/Homebrew/brew/releases/tag/4.2.20"}, {"source": "cve@mitre.org", "url": "https://github.com/Homebrew/brew/tree/237d1e783f7ee261beaba7d3f6bde22da7148b0a"}, {"source": "cve@mitre.org", "url": "https://github.com/trailofbits/publications/blob/master/reviews/2023-08-28-homebrew-securityreview.pdf"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-830"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}