Privilege Escalation Vulnerability by wrong chmod param
Description
super-xray is the GUI alternative for the vulnerability scanning tool xray. In 0.2-beta, a privilege escalation vulnerability was discovered. This resulted in incorrect default xray permissions. Note: this vulnerability only affects Linux and Mac OS systems. Users should upgrade to super-xray 0.3-beta.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In super-xray 0.2-beta, the xray binary is incorrectly set to 777 permissions, allowing local privilege escalation on Linux and macOS.
Vulnerability
In super-xray version 0.2-beta, a privilege escalation vulnerability exists due to incorrect default file permissions. The application calls chmod with the argument "777" on the xray binary, granting read, write, and execute permissions to all local users. This bug is specific to Linux and Mac OS systems, as the chmod command is used only on those platforms [2].
Exploitation
An attacker needs local access to the system as a non-privileged user. Because the xray binary has permissions 777, any local user can replace or modify it, including substituting a malicious executable for the original. When a privileged user or the system runs super-xray (or the xray binary via scheduled tasks, scripts, or manual execution), the attacker's code executes with the caller's privileges. The attack complexity is high, and the attacker requires some local access but no privileges beyond those of a standard user [2].
Impact
Successful exploitation allows an attacker to escalate privileges to the level of the user executing the modified xray binary, potentially gaining root or administrator access. The impact includes complete compromise of confidentiality, integrity, and availability (CIA) of the affected system [2].
Mitigation
Users should upgrade to super-xray version 0.3-beta, which fixes the permission issue. The fix was released in version 0.3-beta on an unknown date prior to the advisory publication (2022-11-22) [1][2]. If upgrading is not immediately possible, system administrators can manually correct the permissions of the xray binary (e.g., chmod 755) to restrict write access to the owner only.
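One way to run the manual check from the Mitigation paragraph, as an added example that is not code from the advisory or from super-xray: it reports a binary that is writable by group or others, applies chmod 755, and re-checks. It goes slightly beyond the text by also checking the parent directory. The binary path is an argument because the page does not give the install location, the function names are hypothetical, and the 777 file in demo is constructed.

```shell
#!/bin/sh
# Added example. The binary path is an argument: the page does not state the
# install location of xray.

# Succeeds when $1 is writable by group or by others.
# -prune keeps find from descending; -perm -NNNN means "all these bits set".
is_loosely_writable() {
    [ -n "$(find "$1" -prune \( -perm -0002 -o -perm -0020 \) -print 2>/dev/null)" ]
}

# Report on the binary and on its parent directory. A writable directory lets
# other users rename or replace the file even when the file itself is 755
# (a sticky directory limits that to the owners, so it is not reported).
# Returns 0 clean, 1 finding, 2 file missing.
audit_binary() {
    bin=$1
    [ -f "$bin" ] || { echo "missing: $bin"; return 2; }
    rc=0
    if is_loosely_writable "$bin"; then
        echo "FINDING: $bin is writable by group/others"
        rc=1
    fi
    dir=$(dirname "$bin")
    if is_loosely_writable "$dir" &&
       [ -z "$(find "$dir" -prune -perm -1000 -print 2>/dev/null)" ]; then
        echo "FINDING: $dir is writable by group/others"
        rc=1
    fi
    return "$rc"
}

# The manual correction from the Mitigation section.
fix_binary() { chmod 755 "$1"; }

# Constructed sample: a throwaway file given the vulnerable mode.
demo() {
    tmp=$(mktemp -d) && chmod 755 "$tmp"
    printf '#!/bin/sh\n' > "$tmp/xray" && chmod 777 "$tmp/xray"
    before=0; audit_binary "$tmp/xray" || before=$?
    fix_binary "$tmp/xray"
    after=0; audit_binary "$tmp/xray" || after=$?
    rm -rf "$tmp"
    echo "before=$before after=$after"
}
demo
```

On a real system, call audit_binary with the path to the xray binary instead of running demo.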
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE) range: = 0.2-beta
- (no CPE) range: < 0.3-beta