Rust Users Crate Privilege Escalation Vulnerability

Vulnerability

A privilege escalation vulnerability exists in the Rust 'users' crate, specifically in versions 0.8.0 and later. The issue arises from an incorrect group listing that appends the 'root' group to user and process group access lists, unless the total number of groups is exactly 1024. This flaw can be exploited if the group information is used for access control.

Impact

Exploitation of this vulnerability can lead to unauthorized privilege escalation by incorrectly granting access rights based on flawed group listings.

Reproduction

The vulnerability can be reproduced by calling the 'group_access_list' function from the 'users' crate, version 0.8.0 or later. This function incorrectly adds the 'root' group to the returned access list unless the group count is precisely 1024, producing a false representation of group memberships that can be exploited for privilege escalation if the list is used for access-control decisions.
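The following is an added illustration, not code from the 'users' crate or from this advisory: it models the buffer-handling defect that is consistent with the symptom above, assuming (the advisory does not state this) that the crate pre-fills a fixed 1024-entry gid buffer with zeros and never truncates it to the count getgrouplist returns. A constructed stand-in replaces the libc getgrouplist(3) call so the example runs offline, and the corrected variant sits beside the flawed one.

```rust
// Assumed fixed buffer size; the real crate's value is not given on this page.
const BUF_LEN: usize = 1024;
type Gid = u32;
const ROOT_GID: Gid = 0;

/// Constructed stand-in for getgrouplist(3): copies the user's real groups into
/// the caller-supplied buffer and reports how many entries were written.
/// Returns -1 (like libc) when the buffer is too small.
fn fake_getgrouplist(real_groups: &[Gid], buf: &mut [Gid], ngroups: &mut usize) -> i32 {
    *ngroups = real_groups.len();
    if real_groups.len() > buf.len() {
        return -1;
    }
    buf[..real_groups.len()].copy_from_slice(real_groups);
    0
}

/// Flawed pattern: the buffer is pre-filled with gid 0 and never cut down to
/// `n`, so the unused tail of zeros collapses under dedup() into one gid 0,
/// i.e. the root group. Only a completely full buffer (exactly BUF_LEN groups)
/// has no tail, which matches the "unless exactly 1024" symptom.
fn group_access_list_flawed(real_groups: &[Gid]) -> Option<Vec<Gid>> {
    let mut buf = vec![ROOT_GID; BUF_LEN];
    let mut n = BUF_LEN;
    if fake_getgrouplist(real_groups, &mut buf, &mut n) < 0 {
        return None;
    }
    buf.dedup(); // bug: operates on the whole buffer instead of buf[..n]
    Some(buf)
}

/// Corrected pattern: truncate to the count actually returned before the
/// buffer contents are interpreted as group memberships.
fn group_access_list_fixed(real_groups: &[Gid]) -> Option<Vec<Gid>> {
    let mut buf = vec![ROOT_GID; BUF_LEN];
    let mut n = BUF_LEN;
    if fake_getgrouplist(real_groups, &mut buf, &mut n) < 0 {
        return None;
    }
    buf.truncate(n);
    buf.dedup();
    Some(buf)
}

fn main() {
    // Constructed sample: an unprivileged user in three groups, none of them root.
    let groups = [1000, 27, 100];
    println!("flawed: {:?}", group_access_list_flawed(&groups)); // [1000, 27, 100, 0]
    println!("fixed:  {:?}", group_access_list_fixed(&groups));  // [1000, 27, 100]
}
```

A defensive check for code that consumes such a list is to reject any access decision where gid 0 appears without the caller being a confirmed member of the root group.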

Remediation

Users can downgrade to versions prior to 0.8.0, which do not include the vulnerable functions, as a temporary workaround. Alternatively, the 'uzers' crate, an actively maintained fork of the 'users' crate, can be used.

Added: Jun 6, 2025, 4:41 PM
Updated: Jun 6, 2025, 4:41 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 4.6
remediation: 0.0
relevance: 0.2
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.