CVE-2024-25959
📋 TL;DR
Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x log sensitive information that could be accessed by local low-privileged users. This vulnerability allows attackers to read confidential data from log files, potentially leading to privilege escalation. Only local attackers with some system access can exploit this vulnerability.
💻 Affected Systems
- Dell PowerScale OneFS
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
An attacker gains administrative privileges on the system by extracting credentials or sensitive tokens from logs, leading to complete system compromise and data exfiltration.
Likely Case
A low-privileged user reads sensitive configuration data, API keys, or partial credentials from logs, enabling lateral movement or limited privilege escalation.
If Mitigated
With proper log file permissions and monitoring, attackers cannot access sensitive logs, limiting impact to information disclosure without privilege escalation.
🎯 Exploit Status
Exploitation requires reading log files that contain sensitive information. No authentication bypass needed beyond local access.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Apply updates per Dell advisory DSA-2024-115
Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000223366/dsa-2024-115-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities
Restart Required: Yes
Instructions:
1. Review Dell advisory DSA-2024-115.
2. Download the appropriate OneFS update for your version.
3. Apply the update following Dell's upgrade procedures.
4. Restart affected systems as required.
🔧 Temporary Workarounds
Restrict log file permissions
Change permissions on log files to prevent low-privileged users from reading sensitive logs.
chmod 640 /var/log/*.log
chown root:wheel /var/log/*.log
Monitor log access
Implement auditing to detect unauthorized access to sensitive log files.
auditctl -w /var/log/ -p r -k sensitive_log_access
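The chmod/chown lines above apply a fixed mode to one glob, which silently skips files in subdirectories and gives no record of what was actually exposed. The script below is an added example, not code from Dell or this page: it first reports every regular file under a directory that is readable by "other" (the condition a local low-privileged reader relies on), then tightens each one to the page's 640 mode and prints what it changed. Function names, the directory argument and the 640 target are assumptions for illustration; the chown step is not repeated because it needs root and the target group. Note also that auditctl is the Linux auditd front end, so on the OneFS nodes themselves the monitoring step would use the platform's own audit facilities rather than this command.

```shell
#!/bin/sh
# Added example, not from the Dell advisory or this page: report and tighten
# log files under a directory that grant read access to "other", which is the
# condition CVE-2024-25959 relies on. The 640 target mode mirrors the
# workaround above; directory, file and function names are assumptions.

# Print every regular file under $1 that grants read access to "other".
onefs_list_exposed_logs() {
    find "$1" -type f -perm -o=r
}

# Count exposed files (whitespace trimmed so the result compares cleanly with -eq).
onefs_count_exposed_logs() {
    onefs_list_exposed_logs "$1" | wc -l | tr -d ' '
}

# Tighten each exposed file to owner rw / group r / other none (mode 640),
# printing each path so the change is recorded rather than silent.
onefs_tighten_logs() {
    onefs_list_exposed_logs "$1" | while IFS= read -r f; do
        chmod 640 "$f" && printf 'tightened: %s\n' "$f"
    done
}

# Usage (assumed script name): sh tighten_logs.sh /var/log
if [ "$#" -gt 0 ]; then
    printf 'exposed before: %s\n' "$(onefs_count_exposed_logs "$1")"
    onefs_tighten_logs "$1"
    printf 'exposed after: %s\n' "$(onefs_count_exposed_logs "$1")"
fi
```

Run it once with no changes expected (the "exposed after" count should be 0) and keep the printed list with the change ticket; rerunning it later is a cheap way to notice a log rotation or upgrade that recreated files with a permissive umask.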
🧯 If You Can't Patch
- Implement strict access controls on log directories to prevent low-privileged users from reading sensitive files.
- Regularly audit and sanitize log files to remove sensitive information before retention.
🔍 How to Verify
Check if Vulnerable:
Check the OneFS version with the 'isi version' command. If the version is between 9.4.0.x and 9.7.0.x, the system is vulnerable.
Check Version:
isi version
Verify Fix Applied:
Verify that the version reported by 'isi version' is beyond 9.7.0.x, and check that sensitive information no longer appears in log files.
📡 Detection & Monitoring
Log Indicators:
- Unauthorized access attempts to log files
- Sensitive data patterns appearing in log entries accessible to low-privileged users
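Two of the checks above are easy to get wrong by hand: reading a version string against the 9.4.0.x through 9.7.0.x window (9.7.1.x is outside it), and deciding whether "sensitive information" is still landing in a log. The script below is an added example, not code from Dell or this page, covering both the "Verify Fix Applied" step and the "sensitive data patterns" indicator. The layout of the `isi version` line, the regular expression for secret-looking fields, and the sample log lines are constructed assumptions, not OneFS output.

```shell
#!/bin/sh
# Added example, not from the Dell advisory or this page: (1) decide from an
# `isi version` style string whether a node falls in the CVE-2024-25959 range
# 9.4.0.x through 9.7.0.x, and (2) count log lines that look like credentials
# or tokens. The version-line layout and the log lines are constructed samples.

# Pull the first four-part dotted version out of a line of text.
onefs_extract_version() {
    printf '%s\n' "$1" | grep -o '[0-9]\{1,\}\.[0-9]\{1,\}\.[0-9]\{1,\}\.[0-9]\{1,\}' | head -n 1
}

# Return 0 if the version is inside 9.4.0.x .. 9.7.0.x, 1 if outside,
# 2 if no version could be parsed from the input.
onefs_is_affected() {
    ver=$(onefs_extract_version "$1")
    [ -n "$ver" ] || return 2
    major=${ver%%.*}; rest=${ver#*.}
    minor=${rest%%.*}; rest=${rest#*.}
    patch=${rest%%.*}
    [ "$major" -eq 9 ] || return 1
    [ "$minor" -ge 4 ] || return 1
    [ "$minor" -le 7 ] || return 1
    # 9.7.1.x and later are past the stated upper bound 9.7.0.x.
    if [ "$minor" -eq 7 ] && [ "$patch" -gt 0 ]; then return 1; fi
    return 0
}

# Case-insensitive patterns for fields that should never reach a log (assumed list).
SENSITIVE_RE='(password|passwd|secret|api[_-]?key|token)[=:]|authorization: *(bearer|basic)'

# Count matching lines in file $1; prints 0 instead of failing when nothing matches.
onefs_count_sensitive_lines() {
    grep -Eic "$SENSITIVE_RE" "$1" || true
}

# Write a constructed sample log to $1 so the scan can be exercised offline.
onefs_write_sample_log() {
    cat > "$1" <<'EOF'
2024-03-01T10:00:01Z sample_daemon[100]: request /platform/auth/users user=admin status=200
2024-03-01T10:00:02Z sample_daemon[100]: bind attempt user=svc_backup password=Hunter2!
2024-03-01T10:00:03Z sample_daemon[101]: forwarded header Authorization: Bearer eyJhbGciOi.constructed
2024-03-01T10:00:04Z sample_daemon[102]: config reload complete
EOF
}

# Stand-alone demonstration: sh verify.sh demo   (assumed script name)
if [ "${1:-}" = "demo" ]; then
    for v in "Isilon OneFS v9.5.0.4" "9.7.1.0" "9.8.0.0"; do
        if onefs_is_affected "$v"; then printf '%s: in affected range\n' "$v"
        else printf '%s: not in range\n' "$v"; fi
    done
    tmp=$(mktemp)
    onefs_write_sample_log "$tmp"
    printf 'sensitive-looking lines: %s\n' "$(onefs_count_sensitive_lines "$tmp")"
    rm -f "$tmp"
fi
```

In practice the version function is fed the real `isi version` output and the counting function is run over the actual log paths; a non-zero count after the update is the signal to inspect those lines and extend the pattern list, since the regular expression here is a starting point rather than an exhaustive definition of "sensitive".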
Network Indicators:
- None - this is a local vulnerability
SIEM Query:
source="/var/log/*" AND (event_type="file_read" OR action="read") AND user!="root" AND file_path CONTAINS ".log"