CVE-2024-2746
📋 TL;DR
CVE-2024-2746 is an incomplete fix for CVE-2024-1929 in dnf5's D-Bus daemon that allows local unprivileged users to pass arbitrary configuration parameters before Polkit authentication, potentially leading to local privilege escalation, denial of service, or information disclosure. This affects systems using dnf5 package manager with the vulnerable D-Bus daemon enabled. Attackers can trick the daemon into loading user-controlled plugins or configurations.
💻 Affected Systems
- dnf5
- libdnf5
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Local attacker gains root privileges through privilege escalation, potentially compromising the entire system and accessing sensitive files like /etc/shadow.
Likely Case
Local denial of service by making the daemon operate on blocking files or causing out-of-memory situations, disrupting package management operations.
If Mitigated
With proper access controls and patching, impact is limited to failed configuration attempts with no privilege escalation.
🎯 Exploit Status
Exploitation requires local access but appears straightforward based on vulnerability description. No authentication needed before Polkit checks.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor advisories for specific patched versions
Vendor Advisory: https://www.openwall.com/lists/oss-security/2024/04/03/5
Restart Required: Yes
Instructions:
1. Check for vendor security updates for dnf5/libdnf5. 2. Apply updates via package manager. 3. Restart dnf5 D-Bus daemon or reboot system.
🔧 Temporary Workarounds
Disable dnf5 D-Bus daemon
linuxTemporarily disable the vulnerable D-Bus service until patching is complete
systemctl stop dnf5-daemon
systemctl disable dnf5-daemon
Restrict D-Bus access
linuxConfigure Polkit or D-Bus policies to restrict access to dnf5 service
🧯 If You Can't Patch
- Disable dnf5 D-Bus daemon service completely
- Implement strict access controls to limit local user access to systems with dnf5
🔍 How to Verify
Check if Vulnerable:
Check dnf5 version and if D-Bus daemon is running: 'systemctl status dnf5-daemon' and 'dnf5 --version'Check Version:
dnf5 --version || rpm -q dnf5Verify Fix Applied:
Verify patched version is installed and D-Bus daemon restarted successfully📡 Detection & Monitoring
Log Indicators:
- Unusual D-Bus authentication failures for dnf5
- Unexpected configuration file parsing errors in system logs
- dnf5 daemon crashes or abnormal termination
Network Indicators:
- Local D-Bus communication spikes to dnf5 service
SIEM Query:
Process monitoring for dnf5-daemon with unusual parent processes or configuration file access patterns