CVE-2017-14610 in Bareos

Summary

by MITRE

bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command.


Analysis

by VulDB Data Team • 11/18/2019

The vulnerability identified as CVE-2017-14610 affects the Bareos backup software core components including bareos-dir, bareos-fd, and bareos-sd in versions 16.2.6 and earlier. This issue represents a privilege escalation vulnerability that stems from improper handling of PID file creation during the software's startup process. The flaw occurs when these components create PID files while operating with reduced privileges, specifically after dropping from root to a non-root user account. This behavior creates a window of opportunity for local attackers who possess access to the non-root account to manipulate the PID file before a root script executes a kill command based on the file's contents.

Technically, the vulnerability is a race condition between PID file creation and the later execution of a root script. When Bareos components start, they initially run with root privileges to perform necessary system operations, then drop to a non-root user account for security reasons. Because the PID file is created after this transition, it ends up in a location the non-root user can write to, so an attacker with access to that account can modify its contents. The root script uses a pattern like "kill `cat /pathname`": it reads the PID value from the file and attempts to terminate the process with that ID. If an attacker has modified the PID file to contain a different process ID, the kill command will terminate the wrong process, potentially allowing privilege escalation or system disruption.

This vulnerability directly relates to CWE-362, which describes a race condition that allows a local attacker to modify system resources between the time of checking and the time of use. The attack exploits a violation of the principle of least privilege: the system should not allow a non-privileged user to manipulate resources that could affect privileged operations. The operational impact is significant, as it allows local users to potentially kill critical system processes, disrupt backup operations, or escalate privileges to gain unauthorized access to the system. The vulnerability affects the integrity and availability of the backup infrastructure, as malicious actors could target backup processes to prevent data recovery operations or compromise system stability.

From an ATT&CK framework perspective, this vulnerability maps to privilege escalation techniques where adversaries leverage weak file permissions and race conditions to gain elevated privileges. The attack requires local access to the system and knowledge of the specific PID file location, making it a low-level privilege escalation vector. The mitigation strategy involves ensuring that PID files are created with appropriate permissions that prevent modification by non-root users, implementing proper file ownership controls, and avoiding the use of shell command substitution patterns that read untrusted input. Organizations should update to Bareos versions 16.2.7 and later where this vulnerability has been addressed through improved privilege management and PID file handling procedures. Additionally, system administrators should monitor for unauthorized modifications to critical system files and implement proper access controls to prevent local users from modifying PID files in sensitive locations.
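One way a root-run stop script could apply the mitigations described above instead of a bare "kill `cat /pathname`", as an added example that is not Bareos code. The function names, the Linux /proc identity check and the placeholder path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not Bareos code): validate a PID file before root signals anything.
# Assumptions: function names are illustrative; pid_is_daemon relies on Linux /proc.

# True if $1 is of type $2 (f or d), owned by uid $3, and not group/world-writable.
# find does not follow symlinks by default, so a symlinked PID file fails "-type f".
owned_and_locked() {
    [ -n "$(find "$1" -prune -type "$2" -user "$3" ! -perm -020 ! -perm -002 -print 2>/dev/null)" ]
}

# Print the PID stored in $1 only if the file and its directory can be trusted.
# $2 is the uid allowed to own them (default 0, i.e. root).
read_trusted_pid() {
    pidfile=$1 owner=${2:-0}
    owned_and_locked "$(dirname "$pidfile")" d "$owner" || return 1
    owned_and_locked "$pidfile" f "$owner" || return 1
    IFS= read -r pid < "$pidfile" || [ -n "$pid" ] || return 1
    case $pid in
        ''|0*|*[!0-9]*) return 1 ;;   # digits only, no leading zero, no shell syntax
    esac
    # Bounded length keeps the comparison safe; PID 1 (init) is never a valid target.
    [ "${#pid}" -le 10 ] && [ "$pid" -gt 1 ] || return 1
    printf '%s\n' "$pid"
}

# True if PID $1 currently runs a program whose kernel "comm" name is $2.
pid_is_daemon() {
    [ -r "/proc/$1/comm" ] && [ "$(cat "/proc/$1/comm")" = "$2" ]
}

# Signal the daemon only when the PID file is trusted and the PID is really it.
# Usage (placeholder path): safe_stop /path/to/bareos-dir.pid bareos-dir
safe_stop() {
    target=$(read_trusted_pid "$1") || { echo "refusing: untrusted PID file $1" >&2; return 1; }
    pid_is_daemon "$target" "$2"    || { echo "refusing: PID $target is not $2" >&2; return 1; }
    kill -TERM "$target"
}
```

The checks narrow the window but do not remove it: a PID can still be recycled between the identity check and the signal, so creating the PID file as root before dropping privileges remains the primary fix.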

Reservation: 09/20/2017

Disclosure: 09/20/2017

Moderation: accepted

CPE: ready

EPSS: 0.00043

KEV: no

Activities: very low
