Executive Summary

This vulnerability exists in the AGL app-framework-binder (afb-daemon) up to version 19.90.0. It allows any local process to execute privileged supervision commands without authentication by connecting to an abstract Unix socket named @urn:AGL:afs:supervision:socket.

The function on_supervision_call in the source code dispatches eight commands (Exit, Do, Sclose, Config, Trace, Debug, Token, slist) without verifying the credentials of the caller. The socket has no discretionary access control (DAC) protection, which means low-privileged local processes can exploit this to perform actions normally restricted to privileged users.

Exploiting this vulnerability can allow an attacker to kill the daemon (causing denial of service), execute arbitrary API calls, close user sessions, or leak the entire global configuration.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can have serious impacts including:

• Denial of Service (DoS) by killing the daemon using the Exit command.
• Execution of arbitrary API calls, potentially allowing unauthorized actions.
• Closure of arbitrary user sessions, disrupting legitimate users.
• Leakage of the entire global configuration, exposing sensitive system information.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability involves the agl app-framework-binder (afb-daemon) allowing local processes to execute privileged supervision commands without authentication via the abstract Unix socket @urn:AGL:afs:supervision:socket.

Detection can focus on checking for the presence of the abstract Unix socket @urn:AGL:afs:supervision:socket and monitoring or attempting to interact with it.

• Use commands like `ss -xl | grep @urn:AGL:afs:supervision:socket` or `netstat -ax | grep @urn:AGL:afs:supervision:socket` to detect the presence of the abstract Unix socket.
• Attempt to connect to the socket using tools like `socat` or `nc` to see if commands can be sent without authentication.
• Check running processes for the afb-daemon and verify its version to confirm if it is at or below v19.90.0.

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include restricting access to the abstract Unix socket @urn:AGL:afs:supervision:socket to trusted users only, as it currently lacks discretionary access control (DAC) protection.

Consider stopping or restarting the afb-daemon if possible, and upgrading to a patched version once available.

Monitor and audit usage of the supervision commands (Exit, Do, Sclose, Config, Trace, Debug, Token, slist) to detect any unauthorized activity.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability allows any local process to execute privileged supervision commands without authentication, potentially leading to unauthorized access, data leakage, and denial of service.

Such unauthorized access and data leakage could negatively impact compliance with standards and regulations like GDPR and HIPAA, which require strict controls on access to sensitive data and system integrity.

However, the provided information does not explicitly mention compliance impacts or specific regulatory considerations.

Useful 0 Not Useful 0