CVE-2022-27814

Vulnerability

SWHKD versions 1.1.5 and earlier contain a vulnerability in the -c option, which is used to check configuration syntax. The option performs file-existence tests without proper privilege separation, allowing any local user to determine whether an arbitrary file exists on the system. This occurs because the swhkd daemon runs with root privileges but the -c option is accessible to unprivileged users via the swhks client [1].

Exploitation

An attacker with local access can run swhkd -c /path/to/target and observe the exit code or output to infer whether the specified file exists. No authentication or special privileges are required beyond the ability to execute the swhkd binary [1].

Impact

Successful exploitation enables an attacker to enumerate files on the system, checking for the existence of sensitive files such as /etc/shadow, SSH private keys, or configuration files. This information disclosure can aid in further attacks, such as privilege escalation or targeted exploitation [1].

Mitigation

The vulnerability is fixed in SWHKD version 1.2.0, released on 2022-04-14 [4]. Users should upgrade to this version or later. No workaround is available for affected versions [1][4].