CVE-2024-29083
📋 TL;DR
This vulnerability in Intel Distribution for Python allows authenticated local users to escalate privileges due to incorrect default file permissions. It affects systems running vulnerable versions of Intel's Python distribution. Attackers could gain elevated system access by exploiting these permission issues.
💻 Affected Systems
- Intel Distribution for Python
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
An authenticated attacker gains full administrative/root privileges on the system, enabling complete system compromise, data theft, and persistent backdoor installation.
Likely Case
Local authenticated users (including low-privileged accounts) gain elevated privileges to modify system files, install software, or access restricted data.
If Mitigated
With proper access controls and least privilege principles, impact is limited to the specific user's scope, though privilege escalation remains possible within that context.
🎯 Exploit Status
Exploitation requires local authenticated access and knowledge of the vulnerable file locations. No public exploit code has been reported.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2024.2 or later
Vendor Advisory: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01165.html
Restart Required: No
Instructions:
1. Download Intel Distribution for Python version 2024.2 or later from Intel's official distribution channels. 2. Uninstall the vulnerable version. 3. Install the updated version. 4. Verify the installation is complete and functioning.
🔧 Temporary Workarounds
Manual Permission Correction
allManually adjust file permissions on Intel Python distribution files to restrict write access to authorized users only.
# Linux/macOS: Check and fix permissions
find /opt/intel/oneapi/intelpython -type f -perm /o+w -ls
find /opt/intel/oneapi/intelpython -type f -perm /o+w -exec chmod o-w {} \;
# Windows: Use icacls to remove write permissions for non-admin users
icacls "C:\Program Files\Intel\oneAPI\intelpython\*" /deny "Users:(W)"
🧯 If You Can't Patch
- Implement strict access controls to limit local user access to systems with vulnerable Intel Python installations.
- Monitor for suspicious privilege escalation attempts and file permission changes in system logs.
🔍 How to Verify
Check if Vulnerable:
Check the installed version of Intel Distribution for Python. On Linux/macOS: 'conda list | grep intelpython' or check installation directory. On Windows: Check 'Program Files\Intel\oneAPI\intelpython' directory version.Check Version:
conda list | grep intelpython # or check /opt/intel/oneapi/intelpython/version.txt on LinuxVerify Fix Applied:
Confirm version is 2024.2 or later using 'conda list | grep intelpython' or checking the installation directory. Verify file permissions don't allow world-writable access.📡 Detection & Monitoring
Log Indicators:
- Unexpected privilege escalation events
- File permission changes in Intel Python directories
- Unauthorized access attempts to system files
Network Indicators:
- Local privilege escalation typically doesn't generate network traffic unless post-exploitation activity occurs
SIEM Query:
EventID=4688 AND (ProcessName LIKE '%python%' OR CommandLine LIKE '%intelpython%') AND NewProcessName LIKE '%cmd.exe%' OR NewProcessName LIKE '%powershell.exe%'