Maintenance people programming language Rust has released a security update for a high-severity vulnerability that could be abused by a malicious party to delete files and folders from a vulnerable system in an unauthorized manner.
“An attacker could use this security issue to trick a privileged program into deleting files and folders that the attacker cannot access or delete,” the Rust working group Security Response (WG) said in an advisory published on January 20, 2021.
Rust 1.0.0 to Rust 1.58.0 are affected by this vulnerability. This vulnerability, tracked as CVE-2022-21658 (CVSS score: 7.3), has been documented to security researcher Hans Kratz, with the team releasing a fix in Rust version 1.58. 1 shipped last week.
Specifically, the problem stems from an improperly implemented check to prevent recursive deletion of symlinks (aka symlinks) in a standard library function named “std ::fs::remove_dir_all.” This leads to a race condition, so an adversary can be reliably exploited by abusing their access to a privileged program to delete sensitive folders.
“Instead of telling the system to disobey symlinks, the standard library first checks if what it is about to remove is a symlink, and if not, it proceeds to recursively deleting directories,” the advice says. “This suggests a race condition: an attacker could create a directory and replace it with a symlink between the check and the actual delete.”
Rust, though not a language program widely used, but has seen an increase in adoption in recent years because of its memory-related safety guarantees. Last year, Google announced that the open-source version of the Android operating system would support additional programming languages to prevent memory safety bugs.