CVE-2023-39003: Critical Vulnerability in OPNsense before 23.7 due to Insecure Permissions in /tmp Directory

A critical vulnerability in OPNsense, an open-source firewall and routing platform, has been discovered recently. The vulnerability impacts all versions released before 23.7 and has been tracked as CVE-2023-39003. In this post, we will dive into the technical details of the vulnerability, provide a code snippet showcasing the issue, and explore the available exploit details. Additionally, we'll provide links to the original references for further information.

Vulnerability Details

The main issue with CVE-2023-39003 lies in the insecure permissions set for the /tmp directory in OPNsense prior to version 23.7. Due to lax permissions, any authenticated user has write access to all the files in the /tmp directory, allowing a local attacker to manipulate critical system files, ultimately leading to unauthorized access or potential denial-of-service (DoS).

To highlight the issue, the following code snippet showcases the problematic permission set

drwxrwxrwt  16 root  wheel  512 Feb 10 09:30 tmp

In the above output, you can see the permission set for the /tmp directory is 777, granting full access to all users. This opens up a potential attack vector for unauthorized access and manipulation.

Exploit Details

While there is no known working exploit for the vulnerability at the moment, a skilled attacker could potentially leverage the insecure permissions by crafting a malicious script or executable that would be placed in the /tmp directory. By doing so, they may gain unauthorized access or even execute arbitrary code with elevated privileges. To mitigate the risk, users are strongly advised to update their OPNsense installations to version 23.7 or later.

Original References

For more information regarding CVE-2023-39003 and the underlying issue of insecure file permissions in the OPNsense firewall and routing platform, please refer to the following links:

1. Official CVE Details: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39003
2. OPNsense Security Advisory: https://forum.opnsense.org/index.php?topic=28598.
3. National Vulnerability Database (NVD) Entry: https://nvd.nist.gov/vuln/detail/CVE-2023-39003

Conclusion

CVE-2023-39003 is a critical vulnerability affecting OPNsense versions before 23.7. The issue is caused by insecure permissions set for the /tmp directory, which can be exploited by local attackers to gain unauthorized access or execute arbitrary code with elevated privileges. Users are highly advised to update their OPNsense installations to version 23.7 or later to mitigate the risk posed by this vulnerability.

Stay safe and remain vigilant by keeping your software up-to-date and following security best practices when configuring your systems.

Timeline

Published on: 08/09/2023 19:15:00 UTC
Last modified on: 08/15/2023 17:54:00 UTC