Rust runs into trouble on Windows

By

Critical vulnerability gives shell access.

The Rust programming language has a standard library on Windows that gives attackers a way to execute shell commands.

Rust runs into trouble on Windows

Rated critical in an advisory on GitHub, the vulnerability affects the Rust standard library in version 1.77.1 and earlier.

The bug is fixed in version 1.77.2.

The technical explanation is that CVE-2024-24576 is an operating system command injection and argument injection vulnerability that happens because the library doesn’t “properly escape arguments when invoking batch files (with the `bat` and `cmd` extensions) on Windows using the `Command`,” the advisory explains.

“An attacker able to control the arguments passed to the spawned process could execute arbitrary shell commands by bypassing the escaping.”

The problem is the complexity of using Command::arg and Command::args in the Windows API, which provides a single string containing all the arguments to spawned processes, which have the job of splitting the string.

On non-Windows platforms this isn’t a problem.

However, Windows’s ‘cmd.exe’ has its own argument splitting logic, so if the Rust program calls it (for example to execute batch files), the standard library needs to implement custom escaping for arguments passed to batch files.

“Unfortunately, it was reported that our escaping logic was not thorough enough, and it was possible to pass malicious arguments that would result in arbitrary shell execution,” the advisory stated.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

Macquarie Uni to spend up to $700m on 10-year digital transformation

Macquarie Uni to spend up to $700m on 10-year digital transformation

Nissan A/NZ's outsourced cyber incident call centre breached

Nissan A/NZ's outsourced cyber incident call centre breached

Digital ID bill passes parliament

Digital ID bill passes parliament

Macquarie's banking CISO headed to Endeavour Group

Macquarie's banking CISO headed to Endeavour Group

Log In

  |  Forgot your password?