SEGV vulnerability in command-line parser

Bug #2024284 reported by RW Penney
This bug affects 1 person
Affects: cryptmount (Ubuntu)
Status: Confirmed
Importance: Undecided
Assigned to: Unassigned
Milestone: none

Bug Description

There is currently a risk of segmentation faults (SEGV) due to incorrect memory initialization within the command-line parser. The fault is triggered when getopt_long() is invoked. This bug affects all versions of cryptmount currently available within Ubuntu.

The bug was first flagged upstream at https://github.com/rwpenney/cryptmount/issues/1 and has been fixed in https://github.com/rwpenney/cryptmount/commit/c2aa81dc4fec4d04a5f79fd9af0916166b94b6a0

The attached patch provides a fix, and is a subset of the relevant commit on cryptmount's upstream GitHub repository.
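As an added illustration (not code from this report, the attached patch, or cryptmount itself) of why the calloc()-for-malloc() change in the attached patch matters: getopt_long() expects its long-option table to end in an all-zero entry, which calloc() provides and malloc() does not. The option names and return codes below are hypothetical.

```c
#include <getopt.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical option table, built at run time as the page's parser does;
 * the names are assumptions for illustration, not cryptmount's real options. */
static const char *OPT_NAMES[]  = { "mount", "unmount", "config-fd" };
static const int   OPT_HASARG[] = { no_argument, no_argument, required_argument };
#define N_OPTS 3

/* getopt_long(3) scans the table until it meets an all-zero entry, so it needs
 * N_OPTS + 1 slots with the last one zeroed. calloc() guarantees that; with
 * malloc() the terminator holds indeterminate bytes, getopt_long may read past
 * the table and dereference garbage, which is the SEGV this report describes. */
struct option *build_longopts(void) {
    struct option *opts = calloc(N_OPTS + 1, sizeof *opts);
    if (!opts) return NULL;
    for (int i = 0; i < N_OPTS; ++i) {
        opts[i].name    = OPT_NAMES[i];
        opts[i].has_arg = OPT_HASARG[i];
        opts[i].flag    = NULL;
        opts[i].val     = 'A' + i;      /* distinct return code per option */
    }
    return opts;                        /* opts[N_OPTS] is already zeroed */
}

/* Check that the terminating entry really is all zeros. */
int terminator_is_zero(const struct option *opts) {
    static const struct option zero = { 0 };
    return memcmp(&opts[N_OPTS], &zero, sizeof zero) == 0;
}

/* Parse argv with the calloc'd table. Returns a bitmask of options seen
 * (bit i = option i), or -1 on an unrecognised option; *config_fd receives
 * the value given to --config-fd. */
int parse_args(int argc, char **argv, int *config_fd) {
    struct option *opts = build_longopts();
    int seen = 0, c;
    if (!opts) return -1;
    optind = 1;     /* reset getopt state so repeated calls are independent */
    opterr = 0;     /* stay quiet on bad options; the caller decides what to report */
    while ((c = getopt_long(argc, argv, "", opts, NULL)) != -1) {
        if (c == '?') { seen = -1; break; }
        seen |= 1 << (c - 'A');
        if (c == 'C' && optarg) *config_fd = atoi(optarg);
    }
    free(opts);
    return seen;
}
```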

Tags: patch


RW Penney (rwpenney) wrote :
Jean D'Elboux Diogo (dukpt) wrote :

Hi Ubuntu team.

Any comment on this issue?

Marc Deslauriers (mdeslaur) wrote :

Thanks for reporting this issue, though I'm not sure it has any security impact.

Who would be the attacker in this scenario, and how would they exploit this?

Thanks!

Jean D'Elboux Diogo (dukpt) wrote :

The scenario here is a local attacker abusing some script routine where he/she can manipulate part of the parameters when calling cryptmount. To exploit this, the attacker can craft a specially formatted argument line when calling cryptmount.

I understand this as a medium/low impact issue since it requires local access to the system.

Mark Esler (eslerm) wrote :

I'm not sure if this has any security impact either. If an attacker has the privilege to run cryptmount, what harm is caused by it failing?

It will be upstream's decision if they consider this a vulnerability or not.

@rwpenney, if upstream does consider this a security issue, how can we help? Are you looking for CVE assignment? If so, I would contact <email address hidden> as they are a *Root* CNA for any open-source organization.

Jean D'Elboux Diogo (dukpt) wrote (last edit):

@eslerm The scenario to exploit this vulnerability is similar to a vulnerability in e.g. the vim editor (https://ubuntu.com/security/CVE-2023-2426). I agree it's low impact due to the conditions explained. Basically, an attacker can take advantage of a bug to execute arbitrary code; it doesn't matter if he/she already has shell access to abuse this flaw. The point here is having a buggy binary in the system that allows a malicious user to execute arbitrary code.

I know Canonical is also Root CNA, why are you redirecting to another CNA?

Changed in cryptmount (Ubuntu):
status: New → Confirmed
RW Penney (rwpenney) wrote :
Mark Esler (eslerm) wrote :

Apologies for not responding earlier! This slipped through my emails.

> I know Canonical is also Root CNA, why are you redirecting to another CNA?

Canonical is a CNA, not a Root CNA.

I don't see how an _unprivileged_ attacker could leverage this bug to be a vulnerability. A clear proof of concept example would help demonstrate that this bug can become an exploit.

Making the issue public, since the GitHub issue is public: https://github.com/rwpenney/cryptmount/issues/1

information type: Private Security → Public
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "Fix memory initialization using calloc() in place of malloc()" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags: added: patch