#VU77575 Race condition in Tang


Published: 2023-06-20

Vulnerability identifier: #VU77575

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-1672

CWE-ID: CWE-362

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Tang
/

Vendor: latchset

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a race condition in the Tang server functionality for key generation and key rotation, which results in a small time window where Tang server private keys become readable by any other process on the same host. The files are initially created with world readable permissions (0644), and only subsequently have more restrictive permissions applied (0440). A local user can exploit the race and obtain Tang private keys.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Tang: 1 - 13

External links
http://census-labs.com/news/2023/06/15/race-tang/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Red Hat Enterprise Linux 8 update for tang
Ubuntu update for tang
Red Hat Enterprise Linux 9 update for tang
Multiple vulnerabilities in Oracle Linux
Fedora 37 update for tang
Fedora 38 update for tang
openEuler update for tang
Information disclosure in Tang server