CVE-2021-31155

Vulnerability

In pleaser versions before 0.4, the umask is not normalized when executing commands as root. This flaw, identified as CVE-2021-31155, allows a local attacker who is authorized to run at least one command via please to escalate privileges to root. The issue exists in the setuid-root binary please and affects all releases prior to 0.4 [1][3].

Exploitation

A local attacker with permission to execute a command via please can exploit the umask handling flaw. By setting a restrictive umask beforehand, the attacker can cause files created by the privileged command to have insecure permissions (e.g., world-writable). The attacker does not need any special authentication beyond being allowed to run a command; they only need local system access and the ability to influence the process environment [1].

Impact

Successful exploitation allows the attacker to gain full root privileges. By manipulating the umask, the attacker can achieve local privilege escalation, compromising the confidentiality, integrity, and availability of the system. The CVSS score is 7.8 (HIGH) with vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [2][3].

Mitigation

The vulnerability is fixed in version 0.4 of pleaser. Users should update to >=0.4 as soon as possible. There is no known workaround for this issue [1][3].