Platform: linux
Component: nix
Fixed in: 2.24.1
CVE-2024-45593 is a critical vulnerability affecting Nix package manager versions 2.24.0 through 2.24. An attacker can exploit this flaw by crafting a malicious NAR (Nix ARchive) file. Upon unpacking, Nix will write to arbitrary file system locations accessible to the Nix process, potentially with root privileges if the Nix daemon is in use. The vulnerability is resolved in Nix version 2.24.6.
The impact of CVE-2024-45593 is severe. A successful exploit allows an attacker to write arbitrary files to the system with root privileges. This could lead to complete system compromise, including the installation of malware, modification of critical system files, and persistent backdoor access. The ability to write to arbitrary locations significantly expands the attack surface, potentially affecting any file accessible by the Nix process. This vulnerability shares similarities with other file path traversal vulnerabilities, where crafted input leads to unintended file system modifications.
CVE-2024-45593 was publicly disclosed on September 10, 2024. The vulnerability's criticality (CVSS 9.1) and the potential for root privilege escalation suggest a high probability of exploitation. While no public proof-of-concept (PoC) has been widely released, the ease of crafting malicious NAR files makes it likely that exploits will emerge. It is not currently listed on the CISA KEV catalog.
Systems administrators and developers using Nix for package management, particularly those running Nix with root privileges or in automated build environments, are at significant risk. Shared hosting environments where multiple users have access to the Nix daemon are also particularly vulnerable.
• linux / server: journalctl -u nix-daemon | grep -i "error writing file"
• linux / server: find / -type f -name '*.nar' -mtime -7 -print
• linux / server: ps aux | grep nix-daemon
• linux / server: ls -l /nix/store | grep -i 'unauthorized'
Exploit status
EPSS: 0.45% (64th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-45593 is to immediately upgrade to Nix version 2.24.6 or later. If an immediate upgrade is not feasible, consider restricting access to the Nix daemon and carefully auditing all NAR files before unpacking. Implement strict file system permissions to limit the impact of potential writes. While a WAF is unlikely to be effective here, monitoring for unusual file creation events within the Nix environment can provide early detection. After upgrading, confirm the fix by attempting to unpack a known malicious NAR file (if available) in a controlled environment to verify that the vulnerability is no longer exploitable.
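The advisory text above describes a crafted NAR that makes the unpacker write outside its intended destination, and recommends auditing NAR files before unpacking. The following is an added example, not code from the Nix project and not the upstream fix: a small Python walker over the NAR wire format (length-prefixed, 8-byte-padded strings) that reports, without writing anything to disk, which relative paths an unpacker would create and which directory entry names a conservative consumer should refuse. NAR's requirement that directory entries be strictly sorted is part of the format; the other refusal rules (empty or dot names, a `/` or NUL byte in a name) are this example's own policy for what a safe unpacker should insist on. The builder functions and the two sample archives are constructed here purely to exercise the validator.

```python
# NAR (Nix ARchive) structural validator. Added example, not Nix project code: it parses the
# archive framing and flags entry names a conservative consumer should refuse; the rules are its own.
import struct

def nar_str(b: bytes) -> bytes:  # one NAR string: u64 LE length, bytes, zero pad to 8
    return struct.pack("<Q", len(b)) + b + b"\0" * ((-len(b)) % 8)

def ser_node(node) -> bytes:
    """Serialize ("regular", contents) | ("symlink", target) | ("directory", [(name, node), ...]);
    directory entries are written in the order given, so malformed archives can be built."""
    kind = node[0]
    out = nar_str(b"(") + nar_str(b"type") + nar_str(kind.encode())
    if kind == "regular":
        out += nar_str(b"contents") + nar_str(node[1])
    elif kind == "symlink":
        out += nar_str(b"target") + nar_str(node[1].encode())
    else:  # directory
        for name, child in node[1]:
            out += nar_str(b"entry") + nar_str(b"(") + nar_str(b"name") + nar_str(name.encode())
            out += nar_str(b"node") + ser_node(child) + nar_str(b")")
    return out + nar_str(b")")

def build_nar(node) -> bytes:  # whole archive = magic string + root node
    return nar_str(b"nix-archive-1") + ser_node(node)

class NarReader:  # sequential reader over length-prefixed, 8-byte-padded NAR strings
    def __init__(self, data: bytes):
        self.data, self.pos = data, 0
    def read(self) -> bytes:
        if self.pos + 8 > len(self.data):
            raise ValueError("truncated NAR: missing length field")
        (n,) = struct.unpack_from("<Q", self.data, self.pos)
        start, end = self.pos + 8, self.pos + 8 + n
        self.pos = end + ((-n) % 8)  # also skip the zero padding
        if self.pos > len(self.data):
            raise ValueError("truncated NAR: string body or padding")
        return self.data[start:end]
    def expect(self, *wants: bytes) -> None:
        for want in wants:
            got = self.read()
            if got != want:
                raise ValueError(f"malformed NAR: expected {want!r}, got {got!r}")

def unsafe_name_reason(name: bytes):  # why a name must not become a path component
    if name in (b"", b".", b".."):
        return "empty or dot entry name"
    if b"/" in name or b"\0" in name:
        return "separator or NUL byte in entry name"
    return None

def validate_nar(data: bytes):
    """Walk the archive without writing anything; return (paths an unpacker would create, findings)."""
    r = NarReader(data)
    r.expect(b"nix-archive-1")
    paths, findings = [], []
    _walk(r, "", paths, findings)
    return paths, findings

def _walk(r: NarReader, prefix: str, paths: list, findings: list) -> None:
    r.expect(b"(", b"type")
    kind = r.read()
    paths.append(prefix or ".")
    if kind == b"regular":
        tag = r.read()
        if tag == b"executable":
            r.expect(b"", b"contents")
        elif tag != b"contents":
            raise ValueError(f"malformed NAR: unexpected field {tag!r}")
        r.read()  # file contents are irrelevant to structural validation
    elif kind == b"symlink":
        r.expect(b"target")
        r.read()  # symlink target policy is left to the unpacker; names are the concern here
    elif kind == b"directory":
        prev = None
        while (tag := r.read()) != b")":
            if tag != b"entry":
                raise ValueError(f"malformed NAR: unexpected field {tag!r}")
            r.expect(b"(", b"name")
            name = r.read()
            if reason := unsafe_name_reason(name):
                findings.append(f"{prefix or '.'}: {reason} ({name!r})")
            if prev is not None and name <= prev:  # NAR requires strictly sorted entries
                findings.append(f"{prefix or '.'}: entries not strictly sorted ({prev!r} then {name!r})")
            prev = name
            r.expect(b"node")
            _walk(r, (prefix + "/" if prefix else "") + name.decode("utf-8", "replace"), paths, findings)
            r.expect(b")")
        return  # the loop consumed this node's closing ")"
    r.expect(b")")  # regular, symlink, or unknown type: the node must close here

# Constructed sample archives for demonstration (not real-world artifacts).
BENIGN = build_nar(("directory", [
    ("bin", ("directory", [("tool", ("regular", b"#!/bin/sh\necho ok\n"))])),
    ("lib", ("symlink", "../share"))]))
MALICIOUS = build_nar(("directory", [
    ("..", ("directory", [("note", ("regular", b"x"))])),
    ("sub/file", ("regular", b"x")), ("sub/file", ("regular", b"x"))]))
```

Running `validate_nar(BENIGN)` yields the paths `.`, `bin`, `bin/tool`, `lib` and no findings; `validate_nar(MALICIOUS)` yields four findings (a dot entry at the root, two names containing a separator, and a duplicate that breaks the strict sort order), which is the signal an audit step would use to reject the archive before any unpacker touches the file system. Truncated input raises `ValueError` rather than being partially accepted.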
Update Nix to version 2.24.6 or later. This fixes the vulnerability that allowed writes to arbitrary locations in the file system. The update can be performed through the system package manager or by downloading the latest version from the official Nix website.
CVE-2024-45593 is a critical vulnerability in Nix versions 2.24.0–2.24 that allows attackers to write arbitrary files with root privileges by crafting malicious NAR files.
If you are using Nix versions 2.24.0 through 2.24, you are potentially affected by this vulnerability. Upgrade to 2.24.6 or later to mitigate the risk.
The recommended fix is to upgrade to Nix version 2.24.6 or later. If an upgrade is not immediately possible, restrict access to the Nix daemon and carefully audit NAR files.
While no widespread exploitation has been confirmed, the vulnerability's severity and ease of exploitation suggest a high probability of future attacks.
Refer to the Nix security advisory for detailed information and updates: [https://security.nixos.org/advisories/CVE-2024-45593](https://security.nixos.org/advisories/CVE-2024-45593)