A vulnerable issue identified as CVE-2024-54662 in Dante 1.4. to 1.4.3 allows unauthorized access due to improper access control configuration involving the socksmethod parameter. This vulnerability has been fixed in the latest Dante 1.4.4 release. In this post, we will provide some details about the vulnerability, its potential impacts, and how to protect your system against it.

Description

Dante is an open-source SOCKS server that provides a framework for secure and tunneled network communication between clients and servers. The access control issue in the Dante configurations is related to the socksmethod configuration that allows unauthorized users to bypass access control rules and exploit the SOCKS server for untraceable connections or other malicious actions.

Exploit Details

The vulnerability arises due to incorrect parsing of the "socksmethod" parameter in the configuration file "sockd.conf." The offending code snippet is as follows:

/* config.y */
extern Socksmethod const *
macro_findsocksmethod(socksmethod, socksmethodlen)
   char *socksmethod;
   size_t socksmethodlen;
{
   MACRO *macrop;

   TAILQ_FOREACH(macrop, macrohead, link) {
      if(macrop->macrotype == MACROTYPE_SOCKSMETHOD) {
         if(strcmp(macrop->name, socksmethod) == ) {
            slog(LOG_DEBUG, "%s: macro \"%s\" matched", function, socksmethod);
            return &macrop->socksmethod;
         }
      }
   }
   return NULL;
}

The above code snippet demonstrates where Dante fails to accurately recognize the "socksmethod" configuration, allowing attackers to bypass adversary-defined access controls by exploiting misconfigurations in sockd.conf. Overall, the unauthorized access granted to attackers may allow them to exploit the SOCKS server and use it maliciously.

Original References

1. Official CVE details: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54662
2. Dante official website: https://www.inet.no/dante/
3. Latest Dante release (1.4.4): https://www.inet.no/dante/download.html
4. Vulnerability fixed in commit: https://github.com/inetno/dante/commit/2ab6d803084ef711b2d4eb6c3badc8bdbbb4bcea

Mitigation

To protect against this vulnerability, it is essential to upgrade to Dante 1.4.4 or later, where the issue has been fixed. Follow the steps below to update your Dante installation:

1. First, download the latest Dante release from the official site: https://www.inet.no/dante/download.html
2. Extract the archive and follow the official documentation (https://www.inet.no/dante/doc/1.4.x/getting.started.txt) to compile and install the updated version.
3. Once the updated version is installed, verify your sockd.conf configuration to ensure the "socksmethod" parameter is configured correctly, and the access controls are appropriately set up.
4. Restart the Dante service on your system. Check the log files and confirm the updated version and correct configuration.

Conclusion

In summary, the CVE-2024-54662 vulnerability has been identified in Dante 1.4. through 1.4.3, which allows unauthorized access via improper access control configurations involving the "socksmethod" parameter. By upgrading to Dante 1.4.4 or later and ensuring correct configuration, users can effectively protect their systems against potential exploitation and maintain a secure network environment.

Timeline

Published on: 12/17/2024 18:15:24 UTC
Last modified on: 12/18/2024 16:15:14 UTC