Executive Summary

The vulnerability in seffaflik up to version 0.0.9 involves insecure default permissions and lack of symlink checks on certain files. Specifically, the .kimlik file is created with overly permissive permissions (mode 0777) and the .seffaflik directory with mode 0775, exposing sensitive identity data to other local users. Additionally, the .kimlik file is written without verifying if it is a symbolic link, allowing a local attacker to replace it with a symlink to any file and cause arbitrary file overwrite when seffaflik writes to it. [1]

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can lead to information disclosure, where secret identity data stored in the .kimlik file is exposed to unauthorized local users. It can also result in denial of service (DoS) by allowing attackers to overwrite arbitrary files, potentially corrupting critical system files or crashing applications. [1]

Useful 0 Not Useful 0

Detection Guidance

You can detect this vulnerability by checking the permissions of the ~/.seffaflik directory and the .kimlik file. Specifically, verify if ~/.seffaflik has permissions 0775 and ~/.seffaflik/.kimlik has permissions 0777, which are insecure. Use the commands: `ls -ld ~/.seffaflik` and `ls -l ~/.seffaflik/.kimlik` to check permissions. Also, check if the .kimlik file is a symbolic link by running `ls -l ~/.seffaflik/.kimlik` and looking for an 'l' at the start of the permissions string. [1]

Useful 0 Not Useful 0

Mitigation Strategies

To mitigate this vulnerability immediately, manually restrict the permissions by running: `chmod 700 ~/.seffaflik` and `chmod 600 ~/.seffaflik/.kimlik`. Additionally, avoid running seffaflik on multi-user systems until a patched version is released. [1]

Useful 0 Not Useful 0