CVE-2021-27851 is a vulnerability in GNU Guix
Published on April 26, 2021
Local privilege escalation in GNU Guix via guix-daemon and '--keep-failed'
A security vulnerability that can lead to local privilege escalation has been found in guix-daemon. It affects multi-user setups in which guix-daemon runs locally. The attack consists in having an unprivileged user spawn a build process, for instance with `guix build`, that makes its build directory world-writable. The user then creates a hardlink to a root-owned file such as /etc/shadow in that build directory. If the user passed the --keep-failed option and the build eventually fails, the daemon changes ownership of the whole build tree, including the hardlink, to the user. At that point, the user has write access to the target file. Versions after and including v0.11.0-3298-g2608e40988, and versions prior to v1.2.0-75109-g94f0312546 are vulnerable.
Weakness Type
Permissions, Privileges, and Access Controls
Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.
Products Associated with CVE-2021-27851
Want to know whenever a new CVE is published for GNU Guix? stack.watch will email you.
Affected Versions
GNU Guix guix-daemon:- Version v0.11.0-3298-g2608e40988 and below unspecified is affected.
- Version unspecified and below v1.2.0-75109-g94f0312546 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.