CVE-2023-5936
📋 TL;DR
This CVE describes a local privilege escalation vulnerability in Arc software on Unix systems where temporary files are created with unsafe permissions. A malicious local user can tamper with these files to execute arbitrary code with root privileges. This affects Unix/Linux and macOS systems running vulnerable versions of Arc.
💻 Affected Systems
- Arc
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Local attacker gains full root privileges on the system, enabling complete system compromise, data theft, persistence establishment, and lateral movement.
Likely Case
Local user with standard privileges escalates to root to install malware, access sensitive data, or modify system configurations.
If Mitigated
The attack is limited to the user's own privileges if proper file permissions and isolation controls are implemented.
🎯 Exploit Status
Exploitation requires local access to the system and knowledge of temporary file locations/patterns.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor advisory for specific patched version
Vendor Advisory: https://security.nozominetworks.com/NN-2023:14-01
Restart Required: Yes
Instructions:
1. Review vendor advisory at provided URL
2. Update Arc to patched version
3. Restart Arc service/application
4. Verify fix is applied
🔧 Temporary Workarounds
Secure temporary directory permissions
Linux: Set strict permissions on temporary directories used by Arc to prevent unauthorized file tampering. The path below is a placeholder for the directory Arc actually uses.
chmod 700 /tmp/arc_temp_directory
chown root:root /tmp/arc_temp_directory
Run Arc with minimal privileges
All platforms: Configure Arc to run with non-root privileges where possible. The user and command names below are placeholders.
sudo -u arc_user arc_command
🧯 If You Can't Patch
- Implement strict access controls to limit local user access to systems running Arc
- Monitor for suspicious file operations in Arc temporary directories using file integrity monitoring
🔍 How to Verify
Check if Vulnerable:
Check Arc version and compare against vendor advisory. Examine temporary file permissions created by Arc.
Check Version:
arc --version
Or check the package manager:
apt list --installed | grep arc
rpm -qa | grep arc
Verify Fix Applied:
Verify Arc is updated to patched version and test that temporary files are created with secure permissions.
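One way to examine the permissions of temporary files, as an added example that is not part of the vendor advisory or of Arc itself: the function below lists entries in a directory that are group- or world-writable, not owned by the expected account, or symlinks. The function name and output labels are hypothetical, and the directory Arc uses is not given on this page, so it is passed as an argument.

```shell
#!/bin/sh
# Added example: audit a temporary directory for entries a local user could
# tamper with. Not vendor code; names and output labels are illustrative.
# Usage: audit_tmp_perms DIR [OWNER]   (OWNER: user name or numeric UID, default root)
# Prints one finding per line; returns 0 if clean, 1 on findings, 2 on bad input.
audit_tmp_perms() {
    dir=$1
    owner=${2:-root}
    if [ ! -d "$dir" ]; then
        echo "audit_tmp_perms: not a directory: $dir" >&2
        return 2
    fi
    report=$(
        # Group- or world-writable files and directories. Symlinks are skipped
        # here because their own mode bits do not control access on Linux.
        find "$dir" ! -type l \( -perm -020 -o -perm -002 \) \
            -exec printf 'WRITABLE %s\n' {} \;
        # Anything not owned by the account the service is expected to run as.
        find "$dir" ! -user "$owner" -exec printf 'OWNER %s\n' {} \;
        # Symlinks in a privileged temp directory can redirect writes elsewhere.
        find "$dir" -type l -exec printf 'SYMLINK %s\n' {} \;
    )
    if [ -z "$report" ]; then
        return 0
    fi
    printf '%s\n' "$report"
    return 1
}

# Run directly with arguments, e.g.: sh audit.sh /tmp/arc_temp_directory root
if [ "$#" -gt 0 ]; then
    audit_tmp_perms "$@"
fi
```

Run it before and after updating while Arc is active; a clean result after the update is consistent with the fix, but the vendor advisory remains the reference for which versions are patched.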
📡 Detection & Monitoring
Log Indicators:
- Unauthorized file modifications in Arc temporary directories
- Unexpected privilege escalation events
- Arc process spawning with unexpected parent/child relationships
Network Indicators:
- None - this is a local attack
SIEM Query:
source="*arc*" AND (event_type="file_modification" OR event_type="privilege_escalation")