NousResearch Hermes-Agent Symbolic Link Following Vulnerability Allowing Write Access to System Files on macOS

A vulnerability in NousResearch Hermes-Agent version 0.8.0 allows for symbolic link following, bypassing the application's sensitive path write protection on macOS. The issue arises because the application checks paths against a blocklist that does not account for symlinks to private directories. As a result, the 'write_file' and 'patch' tools can modify critical system files, such as '/etc/hosts' and '/etc/sudoers', potentially leading to unauthorized changes in system configuration or privileges.

Impact

Exploitation of this vulnerability can cause unauthorized modifications to system files, disrupting normal operations or creating security risks. For example, writing to '/etc/hosts' can hijack DNS resolutions, while changes to '/etc/sudoers' can escalate privileges by allowing certain commands to be run as an administrator without a password.

Reproduction

The vulnerability can be reproduced by using the 'write_file' tool to attempt to write to a protected path, such as '/etc/hosts'. The tool will bypass the sensitive path check and attempt the write, which can be verified through the application's response.

Remediation

Users can upgrade to NousResearch Hermes-Agent version 0.9.0 or later, where this vulnerability has been addressed.