New High-Severity Vulnerability in Red Hat NetworkManager-libreswan Plugin Allows Local Privilege Escalation
A serious security vulnerability, CVE-2024-9050, has been found in Red Hat’s NetworkManager-libreswan plugin, enabling local attackers to potentially gain root access on Linux systems. This flaw, with a high CVSS base score of 7.8, highlights the pressing need for immediate action, especially for affected Red Hat Enterprise Linux (RHEL) systems.
Root Cause of the Vulnerability
The flaw arises from improper sanitization of VPN configurations within the NetworkManager-libreswan plugin. Specifically, the vulnerability lies in the leftupdown parameter, designed for callbacks between NetworkManager-libreswan and NetworkManager. This parameter’s acceptance of executable commands introduces a pathway for exploitation. Because special characters in the key-value configuration format are improperly handled, attackers can manipulate values into being interpreted as keys, opening the door to privilege escalation.
Compounding this vulnerability, Polkit allows unprivileged users to manage network configurations. This setup inadvertently provides local attackers with a pathway for root-level code execution, exposing Linux systems to high-severity risks.
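The input handling this class of bug calls for, as an added example that is not the plugin's own code or Red Hat's fix: a privileged service validates every profile key and value against an allowlist before writing key=value text, and sets the callback option itself. The option subset, the character allowlist, the helper path placeholder and all function names are assumptions made for illustration.

```python
import re

# Assumption: option names a user-editable VPN profile may set (illustrative subset).
ALLOWED_KEYS = frozenset({"right", "rightid", "leftid", "ike", "esp"})
# Options that name a command to run are never taken from the profile.
EXEC_KEYS = frozenset({"leftupdown"})
# Placeholder for the callback the privileged service itself would configure.
TRUSTED_HELPER = "/path/to/trusted-helper"

NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")
# Conservative value allowlist: no whitespace, line breaks, quotes or '='.
VALUE_RE = re.compile(r"[A-Za-z0-9@._:/,+-]{1,256}")


class UnsafeOption(ValueError):
    """Raised when a profile entry must not reach the generated config."""


def check_option(key, value):
    if key in EXEC_KEYS:
        raise UnsafeOption(f"{key!r} is set by the service, not by the profile")
    if key not in ALLOWED_KEYS:
        raise UnsafeOption(f"option {key!r} is not on the allowlist")
    if not isinstance(value, str) or not VALUE_RE.fullmatch(value):
        raise UnsafeOption(f"value for {key!r} contains characters outside the allowlist")


def render_conn(name, options):
    """Return key=value config text for one connection or raise UnsafeOption."""
    if not NAME_RE.fullmatch(name):
        raise UnsafeOption("connection name contains characters outside the allowlist")
    lines = [f"conn {name}"]
    for key in sorted(options):
        check_option(key, options[key])
        lines.append(f"    {key}={options[key]}")
    # Exactly one callback line, with a value the profile cannot influence.
    lines.append(f"    leftupdown={TRUSTED_HELPER}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed sample profiles; the second carries a line break in a value.
    good = {"right": "vpn.example.test", "ike": "aes256-sha2"}
    bad = {"right": "198.51.100.7\n    injectedkey=1"}
    print(render_conn("office", good))
    try:
        render_conn("office", bad)
    except UnsafeOption as exc:
        print("rejected:", exc)
```

The invariant worth checking in any such writer is that the output has exactly one line per accepted option plus the fixed lines, so a value can never add a line of its own.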
Impact and Affected Systems
This vulnerability affects multiple versions of Red Hat Enterprise Linux, specifically:
- Red Hat Enterprise Linux 9.0 (SAP Solutions)
- Red Hat Enterprise Linux Server AUS 7.7
- Architectures such as x86_64, ppc64le, aarch64, and s390x
Red Hat has rated this security issue as “Important” and released security patches in RHSA-2024:8312 and RHSA-2024:8338. These advisories provide updated NetworkManager-libreswan packages to mitigate the issue across various platforms.
Mitigation and Recommendations
Red Hat has already issued patches, and administrators should update their systems immediately to protect against potential exploits. In cases where immediate patching is not feasible, administrators may consider a temporary workaround by restricting local users’ network control permissions via Polkit. While effective, this mitigation may affect device functionality for laptops and mobile workstations.
Conclusion
While this vulnerability presents a higher risk in environments where local users have network privileges, it remains essential for all affected systems to apply Red Hat’s patches or use the temporary mitigation to avoid potential exploitation. Proactive patch management will prevent unauthorized privilege escalation and help maintain the security integrity of Linux systems.