CVE-2024-45339 in Google
Summary
by MITRE • 01/28/2025
When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and overwrite that sensitive file. To fix that, glog now causes the program to exit (with status code 2) when it finds that the configured log file already exists.
Analysis
by VulDB Data Team • 09/04/2025
The vulnerability described in CVE-2024-45339 represents a sophisticated symlink-based attack vector that exploits improper file handling in logging mechanisms. This issue affects systems where logging operations occur in directories with wide write permissions, creating an environment where unprivileged attackers can manipulate the logging process to target sensitive files. The flaw stems from the fundamental assumption that log file paths are secure and immutable, allowing attackers to predict and pre-position symbolic links that will be followed by privileged processes during log writing operations.
The technical implementation of this vulnerability follows a classic race condition pattern where the attacker creates a symbolic link with a predictable name in a directory that the privileged logging process will access. When the privileged process attempts to write logs to what it believes is a legitimate log file, it actually follows the malicious symlink and writes content to a target file chosen by the attacker. This technique leverages the principle that many logging systems do not validate whether the target path represents a symbolic link or whether the file already exists before proceeding with write operations. The vulnerability operates under CWE-367 which specifically addresses Time-of-Check to Time-of-Use (TOCTOU) race conditions, where the security check occurs at a different time than the actual operation.
The operational impact of this vulnerability extends beyond simple file overwrite scenarios, as it can potentially allow attackers to modify critical system files, configuration data, or sensitive information stored in files that are normally protected from unauthorized modification. This attack vector is particularly dangerous in environments where privileged processes maintain elevated permissions and write logs to directories with world-writable permissions. The severity increases when considering that many logging systems are designed to run with elevated privileges to ensure proper log file creation and management, making them attractive targets for attackers seeking to escalate privileges or compromise system integrity. The attack can be executed without requiring direct access to the target system, as long as the attacker can predict the log file path and has write access to the parent directory.
The mitigation strategy implemented in the fix addresses the core issue by introducing an explicit validation check that causes the program to terminate immediately when it detects that a log file already exists. This approach prevents the race condition by ensuring that the logging process does not proceed with operations that could lead to file corruption or unauthorized modification. The exit status code 2 indicates a specific error condition that helps system administrators identify this particular issue during troubleshooting. This solution aligns with the principle of least privilege and defensive programming practices, ensuring that logging operations do not proceed under conditions that could compromise system security. The fix also encourages administrators to review and tighten directory permissions for logging locations, ensuring that only authorized processes can write to these directories, thus preventing the conditions that enable such attacks to succeed. This remediation approach is consistent with ATT&CK technique T1566 which covers social engineering tactics, as it addresses the fundamental flaw that allows attackers to manipulate system components through predictable file paths and permissions.
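The planted-symlink mechanism described in the analysis and the "refuse to proceed when the log file already exists" behaviour described in the summary, side by side in Go, the language glog is written in. This is an added example for this page, not glog's own code: it assumes `O_CREATE|O_EXCL` as one way to implement the existence check (the kernel performs create-or-fail atomically, so there is no check-then-use window of the kind CWE-367 describes), and the file names `secret.conf` and `server.INFO` are constructed stand-ins created inside a temporary directory.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// openLogUnsafe models the pre-fix pattern: create the log file if it is
// missing, otherwise open and truncate whatever is already at that path.
// open(2) resolves symlinks, so a link planted at the predictable log path
// redirects the truncate-and-write onto the link target.
func openLogUnsafe(path string) (*os.File, error) {
	return os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0o644)
}

// openLogSafe is the defensive variant: O_CREATE|O_EXCL asks the kernel to
// create the file atomically and fail with EEXIST if the name already
// exists. POSIX requires that failure even when the existing entry is a
// symlink, whatever it points at, so there is no Lstat-then-open gap to race.
// A caller mirroring the glog fix treats this error as fatal (exit status 2).
func openLogSafe(path string) (*os.File, error) {
	f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0o644)
	if errors.Is(err, os.ErrExist) {
		return nil, fmt.Errorf("refusing to open log %q: path already exists (possible planted symlink)", path)
	}
	return f, err
}

// demo stages the scenario in dir: a constructed "sensitive" file, a symlink
// at the predictable log path pointing to it, and one open attempt per
// variant. It reports whether the unsafe open clobbered the sensitive file
// and whether the safe open refused to proceed.
func demo(dir string) (clobbered bool, refused bool, err error) {
	const original = "keep me\n"
	sensitive := filepath.Join(dir, "secret.conf") // constructed stand-in for a protected file
	logPath := filepath.Join(dir, "server.INFO")   // constructed predictable log name

	if err = os.WriteFile(sensitive, []byte(original), 0o600); err != nil {
		return false, false, err
	}
	// The planted link: the only thing an unprivileged user needs to
	// pre-create in a world-writable log directory.
	if err = os.Symlink(sensitive, logPath); err != nil {
		return false, false, err
	}

	// Pre-fix behaviour: the open follows the link and truncates the target.
	f, err := openLogUnsafe(logPath)
	if err != nil {
		return false, false, err
	}
	if _, err = f.WriteString("I0101 00:00:00 server started\n"); err != nil {
		f.Close()
		return false, false, err
	}
	f.Close()
	got, err := os.ReadFile(sensitive)
	if err != nil {
		return false, false, err
	}
	clobbered = string(got) != original

	// Fixed behaviour against the same planted link: the open must fail.
	if f2, serr := openLogSafe(logPath); serr != nil {
		refused = true
	} else {
		f2.Close()
	}
	return clobbered, refused, nil
}

func main() {
	dir, err := os.MkdirTemp("", "glog-demo-")
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	defer os.RemoveAll(dir)

	clobbered, refused, err := demo(dir)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	fmt.Printf("unsafe open overwrote the sensitive file: %v\n", clobbered)
	fmt.Printf("safe open refused the planted path:      %v\n", refused)
}
```

The point of the `O_EXCL` variant is that the existence check and the create are a single system call; a separate `os.Lstat` followed by `os.OpenFile` would still be vulnerable to a link planted between the two calls. Refusing to start (rather than silently picking another name) also makes the condition visible to operators, which is the behaviour the summary describes for the fixed glog.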