BatBadBut: Rust Library Bug Puts Windows Systems at Risk of Command Injection
Critical Vulnerability in Rust Library Enables Command Injection on Windows
A critical security vulnerability in the Rust standard library (CVE-2024-24576) has been identified, posing a significant threat to Windows systems by enabling command injection attacks.
This flaw, rated as critical by GitHub with a CVSS base score of 10/10, stems from weaknesses in OS command and argument handling. Attackers can exploit this vulnerability remotely and execute unexpected and potentially malicious commands without user interaction.
According to the Rust Security Response Working Group, the issue arises from improper argument escaping when invoking batch files (with the bat and cmd extensions) on Windows using the Command API. By controlling the arguments passed to the spawned process, attackers can execute arbitrary shell commands by bypassing escaping mechanisms.
See Also: So, you want to be a hacker?
Offensive Security, Bug Bounty Courses
Discover your weakest link. Be proactive, not reactive. Cybercriminals need just one flaw to strike.
The impact of this vulnerability is critical for programs invoking batch files on Windows with untrusted arguments. Rust versions before 1.77.2 on Windows are affected if a program’s code or dependencies execute batch files with untrusted inputs.
Today, Rust 1.77.2 will be released with a critical security patch to the standard library for those on Windows using the Command API to invoke batch files with untrusted arguments. No other platform or use is affected.
See the announcement for details: https://t.co/uaLYGDjc2r
— Rust Language (@rustlang) April 9, 2024
The Rust security team faced challenges due to the complexity of cmd.exe, leading to improvements in escaping code and modifications to the Command API to mitigate the risk of command injection.
Trending: Deep Dive to Fuzzing for Maximum Impact
Trending: OSINT Tool: NetScout