MemProcFS DLL and Shared Library Hijacking Vulnerability
Vulnerability
A vulnerability in MemProcFS versions prior to 5.17 allows for DLL and shared library hijacking, leading to arbitrary code execution. This issue arises from unsafe library-loading practices, including bare-name LoadLibraryU and dlopen calls without proper path qualification, particularly for the Python plugin, libMSCompression, and other plugin DLLs. An attacker can exploit this vulnerability by placing a malicious DLL or shared library in the working directory or by manipulating the LD_LIBRARY_PATH environment variable.
Impact
Exploitation of this vulnerability allows for arbitrary code execution within the context of the application.
Reproduction
To reproduce this vulnerability, place a malicious DLL or shared library in the working directory of MemProcFS or manipulate the LD_LIBRARY_PATH to include the path to the malicious library. When MemProcFS is executed, it will load the malicious library, leading to arbitrary code execution.
Remediation
Users can update to MemProcFS version 5.17 or later, where this vulnerability has been addressed.
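For code that loads its own plugins, the safe pattern is to build an absolute path before calling the loader, since dlopen only consults LD_LIBRARY_PATH and the default search directories when the file name contains no slash. The sketch below is an added example for Linux, not code from MemProcFS; the function names and the plugin file name are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <dlfcn.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Directory of the running executable, so loads never depend on the cwd. */
static int exe_dir(char *out, size_t outlen) {
    ssize_t n = readlink("/proc/self/exe", out, outlen - 1);
    if (n <= 0) return -1;
    out[n] = '\0';
    char *slash = strrchr(out, '/');
    if (!slash) return -1;
    if (slash == out) slash++;   /* executable sits in "/" */
    *slash = '\0';               /* strip the file name, keep the directory */
    return 0;
}

/* Build an absolute path for `name` inside `dir`. Returns 0 on success,
 * -1 if the result could depend on the working directory or the loader's
 * search path, or could point outside `dir`. */
int qualify_library_path(const char *dir, const char *name,
                         char *out, size_t outlen) {
    if (!dir || dir[0] != '/') return -1;   /* relative base is cwd-dependent */
    if (!name || !*name) return -1;
    if (strchr(name, '/') || strchr(name, '\\')) return -1; /* file name only */
    if (!strcmp(name, ".") || !strcmp(name, "..")) return -1;
    int n = snprintf(out, outlen, "%s/%s", dir, name);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;  /* reject truncation */
}

/* Load a plugin by absolute path only; a bare name never reaches dlopen. */
void *load_plugin(const char *name) {
    char dir[PATH_MAX], path[PATH_MAX];
    if (exe_dir(dir, sizeof dir) != 0) return NULL;
    if (qualify_library_path(dir, name, path, sizeof path) != 0) return NULL;
    return dlopen(path, RTLD_NOW | RTLD_LOCAL);
}

int main(void) {
    /* "plugin_example.so" is a constructed name, not a MemProcFS file. */
    void *h = load_plugin("plugin_example.so");
    printf("load: %s\n", h ? "ok" : "refused or not found");
    if (h) dlclose(h);
    return 0;
}
```

On glibc older than 2.34, link with -ldl.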
