• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
high severity rust programming bug could lead to file, directory deletion

High-Severity Rust Programming Bug Could Lead to File, Directory Deletion

You are here: Home / General Cyber Security News / High-Severity Rust Programming Bug Could Lead to File, Directory Deletion
January 24, 2022

The maintainers of the Rust programming language have unveiled a security update for a significant-severity vulnerability that could be abused by a malicious party to purge files and directories from a vulnerable program in an unauthorized manner.

“An attacker could use this security issue to trick a privileged software into deleting information and directories the attacker couldn’t usually accessibility or delete,” the Rust Security Response doing work group (WG) explained in an advisory published on January 20, 2021.

Automatic GitHub Backups

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


Rust 1.. through Rust 1.58. is impacted by this vulnerability. The flaw, which is tracked as CVE-2022-21658 (CVSS rating: 7.3), has been credited to security researcher Hans Kratz, with the group pushing out a fix in Rust variation 1.58.1 shipped final week.

Particularly, the issue stems from an improperly executed check to protect against recursive deletion of symbolic one-way links (aka symlinks) in a common library operate named “std::fs::remove_dir_all.” This effects in a race situation, which, in transform, could be reliably exploited by an adversary by abusing their obtain to a privileged program to delete sensitive directories.

Prevent Data Breaches

“Instead of telling the procedure not to abide by symlinks, the normal library to start with checked no matter if the issue it was about to delete was a symlink, and usually it would commence to recursively delete the directory,” the advisory reported. “This exposed a race condition: an attacker could produce a listing and replace it with a symlink concerning the check out and the genuine deletion.”

Rust, although not a extensively-employed programming language, has witnessed a surge in adoption in current years for its memory-associated protection guarantees. Last year, Google introduced that its open up-resource variation of the Android operating method will add guidance for the programming language to protect against memory protection bugs.

Located this post interesting? Adhere to THN on Fb, Twitter  and LinkedIn to read through a lot more unique material we post.


Some elements of this write-up are sourced from:
thehackernews.com

Previous Post: «experts find strategic similarities b/w notpetya and whispergate attacks on Experts Find Strategic Similarities b/w NotPetya and WhisperGate Attacks on Ukraine
Next Post: Emotet Now Using Unconventional IP Address Formats to Evade Detection emotet now using unconventional ip address formats to evade detection»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Qilin Ransomware Adds “Call Lawyer” Feature to Pressure Victims for Larger Ransoms
  • Iran’s State TV Hijacked Mid-Broadcast Amid Geopolitical Tensions; $90M Stolen in Crypto Heist
  • 6 Steps to 24/7 In-House SOC Success
  • Massive 7.3 Tbps DDoS Attack Delivers 37.4 TB in 45 Seconds, Targeting Hosting Provider
  • 67 Trojanized GitHub Repositories Found in Campaign Targeting Gamers and Developers
  • New Android Malware Surge Hits Devices via Overlays, Virtualization Fraud and NFC Theft
  • BlueNoroff Deepfake Zoom Scam Hits Crypto Employee with MacOS Backdoor Malware
  • Secure Vibe Coding: The Complete New Guide
  • Uncover LOTS Attacks Hiding in Trusted Tools — Learn How in This Free Expert Session
  • Russian APT29 Exploits Gmail App Passwords to Bypass 2FA in Targeted Phishing Campaign

Copyright © TheCyberSecurity.News, All Rights Reserved.