Rust runs into trouble on Windows

By

Critical vulnerability gives shell access.

The Rust programming language has a standard library on Windows that gives attackers a way to execute shell commands.

Rust runs into trouble on Windows

Rated critical in an advisory on GitHub, the vulnerability affects the Rust standard library in version 1.77.1 and earlier.

The bug is fixed in version 1.77.2.

The technical explanation is that CVE-2024-24576 is an operating system command injection and argument injection vulnerability that happens because the library doesn’t “properly escape arguments when invoking batch files (with the `bat` and `cmd` extensions) on Windows using the `Command`,” the advisory explains.

“An attacker able to control the arguments passed to the spawned process could execute arbitrary shell commands by bypassing the escaping.”

The problem is the complexity of using Command::arg and Command::args in the Windows API, which provides a single string containing all the arguments to spawned processes, which have the job of splitting the string.

On non-Windows platforms this isn’t a problem.

However, Windows’s ‘cmd.exe’ has its own argument splitting logic, so if the Rust program calls it (for example to execute batch files), the standard library needs to implement custom escaping for arguments passed to batch files.

“Unfortunately, it was reported that our escaping logic was not thorough enough, and it was possible to pass malicious arguments that would result in arbitrary shell execution,” the advisory stated.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

Services Australia's sweeping security uplift plans for myGov

Services Australia's sweeping security uplift plans for myGov

Medibank allegedly missed EDR alerts before data breach

Medibank allegedly missed EDR alerts before data breach

Northern Beaches Council reviews security stack to shore up widening perimeter

Northern Beaches Council reviews security stack to shore up widening perimeter

CrowdStrike rejects Delta Air Lines claims over outage

CrowdStrike rejects Delta Air Lines claims over outage

Log In

  |  Forgot your password?