Windscribe for Linux Command Injection Vulnerability Leading to Local Privilege Escalation
Vulnerability
A command injection vulnerability has been identified in the Windscribe VPN desktop application for Linux. This vulnerability allows local users who are members of the windscribe group to execute arbitrary commands as root. The issue arises in the 'changeMTU' function, where the 'adapterName' parameter is improperly sanitized before being passed to a command execution utility. The vulnerability has been fixed in Windscribe versions 2.18.3-alpha and 2.18.8.
Impact
Exploitation of this vulnerability allows for full root access on the affected system.
Reproduction
To reproduce this vulnerability, a local user must be added to the windscribe group. Once this is done, the 'changeMTU' function can be called with a crafted 'adapterName' parameter that includes double quotes and shell metacharacters. The command injection occurs because the application fails to properly escape quotes within the argument, allowing the injected command to be executed as root.
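The quoting failure described above, next to an allow-list and argv-based alternative, as an added example (not Windscribe's code or its actual fix). The `ip link set` command line, the function names, the character policy and the MTU bounds are assumptions made for illustration.

```cpp
// Added example, not Windscribe's code: command line, names and limits are assumed.
#include <cctype>
#include <iostream>
#include <string>
#include <vector>

// Vulnerable pattern from the advisory: the name is wrapped in double quotes and
// the string is handed to a shell, so a quote inside the name ends the quoting.
std::string buildShellCommandUnsafe(const std::string &adapterName, int mtu) {
    return "ip link set dev \"" + adapterName + "\" mtu " + std::to_string(mtu);
}

// Allow-list check. Linux interface names are at most 15 bytes (IFNAMSIZ - 1);
// this conservative policy (an assumption) accepts only [A-Za-z0-9_.-].
bool isValidAdapterName(const std::string &name) {
    if (name.empty() || name.size() > 15 || name == "." || name == "..") return false;
    for (unsigned char c : name)
        if (!std::isalnum(c) && c != '_' && c != '-' && c != '.') return false;
    return true;
}

// Hardened form: validate first, then produce an argv vector intended for
// execv() or posix_spawn(), where every element is one argument and no shell
// ever parses the adapter name. MTU bounds 68..65535 are an assumed policy.
bool buildMtuArgv(const std::string &adapterName, int mtu, std::vector<std::string> &out) {
    out.clear();
    if (!isValidAdapterName(adapterName) || mtu < 68 || mtu > 65535) return false;
    out = std::vector<std::string>{"/sbin/ip", "link", "set", "dev", adapterName,
                                   "mtu", std::to_string(mtu)};
    return true;
}

int main() {
    const std::string crafted = "tun0\"; echo marker; \"";  // constructed sample input
    std::vector<std::string> args;
    std::cout << "string a shell would parse: " << buildShellCommandUnsafe(crafted, 1400) << "\n";
    std::cout << "hardened path accepts crafted name: " << buildMtuArgv(crafted, 1400, args) << "\n";
    std::cout << "hardened path accepts tun0: " << buildMtuArgv("tun0", 1400, args) << "\n";
    return 0;
}
```

With the crafted name, the unsafe string contains a closed quote followed by a second command, while the hardened path rejects the name before any process is started.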
Remediation
Users are advised to update to Windscribe version 2.18.3-alpha or 2.18.8.
