Scala 2.x Privilege Escalation

2017.11.15
Credit: Jason Zaugg
Risk: Medium
Local: Yes
Remote: No
CVE: N/A
CWE: CWE-264

A privilege escalation vulnerability has been identified in the Scala compilation daemon. The compile daemon is started explicitly by the `fsc` command, or implicitly by executing a Scala source file as a script (e.g `scala MyScript.scala`). Note: Using the `scala` command to start a REPL or to run a pre-compiled class does not start the compile daemon. # Impact While the compile daemon is running, an attacker with local access to the machine can execute code as the user that started the compile daemon, and can write arbitrary class files to any location on the filesystem that the user has access to. # Affected Versions - Scala 2.1.6-2.10.6; 2.11.0-2.11.11; 2.12.0-2.12.3 # Mitigation - Use `scala -nocompdaemon MyScript.scala` rather than `scala MyScript.scala` to disable the implicit startup and use of the daemon. - Avoid explicitly starting `fsc` - Upgrade to Scala 2.10.7 2.11.12, 2.12.4 or higher which restricts the sensitive file to be readable only by the owner. These releases also change the location of the sensitive file: it is written in the directory `$HOME/.scalac`. Announcement: http://scala-lang.org/news/security-update-nov17.html Scala Downloads: http://scala-lang.org/download/

References:

http://scala-lang.org/news/security-update-nov17.html


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2017, cxsecurity.com

 

Back to Top