HistoryEdit

RUSTSEC-2020-0030

Missing sanitazion in mozwire allows local file overwrite of files ending in .conf

Issued
Package
mozwire (crates.io)
Type
Vulnerability
Keywords
#file-overwrite
Aliases
Details
https://github.com/NilsIrl/MozWire/issues/14
CVSS Score
9.1 CRITICAL
CVSS Details
Attack vector
Network
Attack complexity
Low
Privileges required
None
User interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
High
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Patched
  • >0.4.1
Keywords
#file-overwrite

Description

The client software downloaded a list of servers from mozilla's servers and created local files named after the hostname field in the json document.

No verification of the content of the string was made, and it could therefore have included '../' leading to path traversal.

This allows an attacker in control of mozilla's servers to overwrite/create local files named .conf.

The flaw was corrected by sanitizing the hostname field.