CVE-2024-10933
📋 TL;DR
This vulnerability in OpenBSD's readdir(3) function (OpenBSD 7.5 before errata 009 and OpenBSD 7.4 before errata 022) allows directory traversal when programs process untrusted file systems. readdir(3) did not reject directory entries whose names contain a '/' character, so a crafted file system (a malicious disk image, removable medium or network share) could return a name such as "../../etc/passwd" as a single directory entry. Any program that builds paths by appending the returned name to the directory it is reading, as recursive tools and fts(3)-based utilities do, is then steered to files outside the directory it believes it is traversing. Systems running a vulnerable OpenBSD version with an untrusted file system mounted are affected.
💻 Affected Systems
- OpenBSD
📦 What is this software?
OpenBSD by OpenBSD: a free, security-focused Unix-like operating system.
⚠️ Risk & Real-World Impact
Worst Case
A privileged program that recursively processes the untrusted file system (for example a root-run rm -r, chown -R or backup job) is redirected to files outside the mount point, giving unauthorized file read, deletion or modification with that program's privileges; depending on which files are reached, this can lead to sensitive data exposure or privilege escalation.
Likely Case
Limited directory traversal: a program reading the untrusted file system is led to a path outside it, with the reach bounded by the privileges of the traversing program and by what that program does with the path.
If Mitigated
No impact if untrusted file systems are never mounted, or if the processes that read them are isolated (chroot, jail or virtual machine) so that escaping the mount point reaches nothing of value.
🎯 Exploit Status
Exploitation requires the attacker to supply a file system containing crafted directory names (a disk image, removable medium or network share that the victim mounts) and a program on the victim system that then reads that directory with readdir(3). Local or remote code execution is not required on the victim beforehand.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: OpenBSD 7.5 errata 009, OpenBSD 7.4 errata 022
Vendor Advisory: https://ftp.openbsd.org/pub/OpenBSD/patches/
Restart Required: Yes
Instructions:
1. On a release install, run syspatch(8) as root; it downloads and installs the binary errata for the running release and reports whether a reboot is needed.
2. On a source install, download the errata patch for your release from the OpenBSD patches directory above, verify its signature as described in the patch header, and apply it with patch(1) in /usr/src.
3. Rebuild and install the component named in the patch header (kernel or libc), following the build steps given there.
4. Reboot the system.
🔧 Temporary Workarounds
Restrict untrusted file systems
Avoid mounting untrusted file systems (removable media, downloaded disk images, network shares from sources you do not control); where one must be mounted, mount it only for as long as needed and do not run privileged recursive tools against it.
Implement file system isolation
Use chroot, containers, or virtualization to isolate untrusted file system processing, so that a traversal out of the mount point lands in a throwaway environment rather than on the host.
🧯 If You Can't Patch
- Implement strict access controls on file systems: restrict who may mount removable media or network shares, and run tools that read untrusted directories as an unprivileged user
- Monitor for unusual file access patterns, in particular processes reading an untrusted mount point that then touch paths outside it
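To make the mechanism in the TL;DR concrete, and to show the application-side check a program can apply to directories on untrusted file systems while it remains unpatched, the following is an added example written for this page; it is not OpenBSD code and not the errata fix. The directory names in sample_entries are constructed test data standing in for what a crafted file system could hand to an unpatched readdir(3); the mount point /mnt/untrusted and the function names are illustrative.

```c
/*
 * Added example for CVE-2024-10933; not OpenBSD code. Simulates a readdir(3)
 * caller that builds paths as "<dir>/<d_name>" and contrasts the naive join
 * with one that rejects names an honest file system can never produce.
 */
#include <stdio.h>
#include <string.h>

#define PATH_BUF 256

/* Naive join: the pattern a vulnerable caller uses. Any '/' inside name is
 * treated as a path separator by the kernel once the result is used. */
int join_naive(const char *dir, const char *name, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "%s/%s", dir, name);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Returns 1 if name is a single well-formed path component that stays inside
 * the directory: non-empty, not "." or "..", and containing no '/'. */
int name_is_safe_component(const char *name)
{
    if (name == NULL || name[0] == '\0')
        return 0;
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return 0;
    if (strchr(name, '/') != NULL)
        return 0;
    return 1;
}

/* Hardened join: refuses to build a path from a malformed entry name. */
int join_checked(const char *dir, const char *name, char *out, size_t outlen)
{
    if (!name_is_safe_component(name))
        return -1;
    return join_naive(dir, name, out, outlen);
}

/* Constructed directory listing (test data, not a real file system): what a
 * crafted image or network share could return to an unpatched readdir(3). */
static const char *const sample_entries[] = {
    "notes.txt",            /* ordinary entry */
    "../../etc/passwd",     /* '/' inside d_name: escapes /mnt/untrusted */
    "sub/../../root/.ssh",  /* same trick, less obvious at a glance */
    "..",                   /* legitimately returned, but never joined */
    "",                     /* empty name */
};
#define N_ENTRIES (sizeof(sample_entries) / sizeof(sample_entries[0]))

/* Number of sample entries the hardened join refuses. */
int count_rejected(void)
{
    char path[PATH_BUF];
    int rejected = 0;
    size_t i;
    for (i = 0; i < N_ENTRIES; i++)
        if (join_checked("/mnt/untrusted", sample_entries[i], path, sizeof path) == -1)
            rejected++;
    return rejected;
}

int main(void)
{
    char path[PATH_BUF];
    size_t i;
    for (i = 0; i < N_ENTRIES; i++) {
        const char *name = sample_entries[i];
        join_naive("/mnt/untrusted", name, path, sizeof path);
        printf("naive:   %-22s -> %s\n", name, path);
        if (join_checked("/mnt/untrusted", name, path, sizeof path) == 0)
            printf("checked: %-22s -> %s\n", name, path);
        else
            printf("checked: %-22s -> REJECTED\n", name);
    }
    return 0;
}
```

The naive join turns the second entry into /mnt/untrusted/../../etc/passwd, which the kernel resolves to /etc/passwd; whatever the program then does to that path (read, chown, unlink) happens outside the mount. Resolving the name relative to a directory descriptor (openat(2), unlinkat(2) and friends) does not help, because the kernel still walks the embedded ".." components; the check has to be on the name itself, which is the validation the errata adds to readdir(3).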
🔍 How to Verify
Check if Vulnerable:
Determine the release with uname -r (or sysctl kern.version). OpenBSD 7.5 without errata 009 or OpenBSD 7.4 without errata 022 is vulnerable. On a release install, syspatch -c lists errata that are available for the running release but not yet installed. Note that uname -a alone does not reveal which errata are applied.
Check Version:
uname -r
Verify Fix Applied:
syspatch -l lists the errata installed on the system; confirm the entry for 009 (7.5) or 022 (7.4) is present. On a source-built system, confirm the errata patch is in your applied set and that the rebuilt kernel or libc is the one in use (sysctl kern.version shows the running kernel's build time, so a kernel built before the patch was applied has not picked it up).
📡 Detection & Monitoring
Log Indicators:
- Mounts of removable media, disk images or network file systems from sources you do not control (mount(8) output, dmesg for newly attached devices)
- Recursive tools (rm -r, cp -R, tar, backup jobs) reporting errors on, or acting on, paths outside the directory they were pointed at
Network Indicators:
- NFS or other file-sharing traffic from hosts that are not your known, trusted file servers
SIEM Query:
Correlate mount events for untrusted file systems with subsequent file access by the same user or job to paths outside the mount point; a '/' inside a directory entry name is not something the system logs by itself, so the mount event is the practical anchor.