Plattform
other
Komponente
tgstation-server
Behoben in
4.0.1
CVE-2024-41799 is a remote code execution (RCE) vulnerability affecting tgstation-server, a BYOND server management tool. An attacker with low privileges can exploit this flaw to execute malicious .dme files, potentially gaining control of the server if the BYOND environment is configured with trusted security level. This vulnerability impacts versions 4.0.0 through 6.7.9 and has been resolved in version 6.8.0.
This vulnerability allows a low-permission user to manipulate the .dme file compilation process within tgstation-server. By setting a malicious .dme file to be compiled and executed, an attacker can inject arbitrary code into the BYOND server. The severity is amplified if the server is configured to operate in BYOND's trusted security level, which requires either a third isolated privilege or is set by another user. Successful exploitation can lead to complete remote code execution, enabling attackers to compromise the entire server, steal sensitive data, or disrupt operations. The potential for lateral movement depends on the server's network configuration and access controls.
CVE-2024-41799 was publicly disclosed on July 29, 2024. There is no indication of active exploitation campaigns at this time. The vulnerability is not currently listed on CISA KEV. Public proof-of-concept exploits are not yet widely available, but the vulnerability's nature suggests it could be relatively easy to exploit once a PoC is released.
tgstation-server deployments, particularly those running versions 4.0.0 through 6.7.9, are at risk. Environments utilizing the "Set .dme Path" privilege and configured with BYOND's trusted security level are especially vulnerable. Shared hosting environments running tgstation-server should be considered high-risk due to the potential for cross-tenant exploitation.
• linux / server:
journalctl -u tgstation-server | grep '.dme Path' -i• linux / server:
lsof | grep '.dme'• generic web:
Inspect tgstation-server configuration files for insecure settings related to trusted security level and shell() proc.
disclosure
Exploit-Status
EPSS
7.02% (91% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation is to upgrade to tgstation-server version 6.8.0 or later, which addresses the vulnerability. If upgrading immediately is not feasible, consider implementing temporary workarounds. Restrict access to the "Set .dme Path" privilege to trusted users only. Implement strict file integrity monitoring on the server to detect unauthorized .dme file modifications. Disable BYOND's trusted security level if it's not absolutely necessary. After upgrading, confirm the fix by attempting to set a benign .dme file and verifying that it does not trigger unexpected code execution.
Actualice tgstation-server a la versión 6.8.0 o superior. Esta versión corrige la vulnerabilidad que permite a usuarios con pocos permisos compilar y ejecutar archivos .dme maliciosos fuera del directorio de implementación. La actualización previene la posible escalada a ejecución remota de código.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2024-41799 is a remote code execution vulnerability in tgstation-server, allowing low-permission users to potentially execute malicious .dme files.
You are affected if you are running tgstation-server versions 4.0.0 through 6.7.9.
Upgrade to version 6.8.0 or later. If upgrading isn't possible, restrict access to the 'Set .dme Path' privilege and review BYOND security settings.
There is currently no indication of active exploitation, but the vulnerability's potential impact makes it a possible target.
Refer to the tgstation-server project's official communication channels for the latest advisory and updates.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.