Glog Insecure Temporary File Vulnerability Leading to Overwrite of Sensitive Files
Vulnerability
A vulnerability exists in the Glog logging library for Go, prior to version 1.2.4, that allows an unprivileged attacker to predict the log file path of a privileged process and create, at that path, a symbolic link pointing to a sensitive file. When the privileged process executes, it follows the symlink and overwrites the targeted file. This issue arises because logs are typically written to directories that are widely writable by default, such as /tmp on Unix systems, creating an opportunity for abuse. The vulnerability is classified as an insecure temporary file vulnerability, a known risk on both Unix and Windows systems.
Impact
Exploitation of this vulnerability allows for the overwriting of sensitive files, such as /etc/shadow, with log data, potentially leading to the loss of critical information or corruption of file contents.
Reproduction
To reproduce this vulnerability, a Glog-enabled binary must be executed as a privileged user, such as root, through a cron job. The log directory should be writable by unprivileged users. Once the cron job schedule is known, a bash script can be used to create symlinks in the log directory that point to sensitive files, using predicted log file names based on the Glog logging pattern. When the cron job runs, the Glog library will follow the symlink and overwrite the sensitive file with log data.
Remediation
Users are advised to upgrade to Glog version 1.2.4 or later, where this vulnerability has been fixed.
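The Go sketch below is an added example, not code from Glog or from the original advisory. It contrasts a create-and-truncate open with an exclusive create (O_CREATE|O_EXCL), one common hardening for this class of bug. The function names and file names are assumptions made for the illustration, and everything runs inside a private temporary directory.

```go
package main

import (
	"errors"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
)

// openLogUnsafe: os.Create opens with O_CREATE|O_TRUNC, so a symlink already
// sitting at path is followed and its target is truncated.
func openLogUnsafe(path string) (*os.File, error) { return os.Create(path) }

// openLogExclusive: O_EXCL makes the open fail if anything, including a
// symlink, already exists at path. 0600 keeps the log private to its owner.
func openLogExclusive(path string) (*os.File, error) {
	return os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0o600)
}

// demo runs both openers against a pre-existing symlink inside a private
// temp dir (all file names are constructed for this example).
func demo() (clobbered, refused bool, err error) {
	dir, err := os.MkdirTemp("", "logdemo")
	if err != nil {
		return
	}
	defer os.RemoveAll(dir)
	target := filepath.Join(dir, "important.txt")
	logPath := filepath.Join(dir, "app.log")
	if err = os.WriteFile(target, []byte("original\n"), 0o600); err != nil {
		return
	}
	if err = os.Symlink(target, logPath); err != nil {
		return
	}
	_, openErr := openLogExclusive(logPath)
	refused = errors.Is(openErr, fs.ErrExist) // hardened open rejects the link
	f, err := openLogUnsafe(logPath)
	if err != nil {
		return
	}
	fmt.Fprintln(f, "log line")
	f.Close()
	data, err := os.ReadFile(target)
	clobbered = err == nil && string(data) == "log line\n"
	return
}
func main() { fmt.Println(demo()) }
```

A logger that opens its files exclusively should treat the resulting "file exists" error as a hard failure instead of falling back to a truncating open.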
