CVE-2024-34313 Scanner
Detects 'Path Traversal' vulnerability in VPL Jail System affects v. < 4.0.3
Short Info
Level
Critical
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 second
Time Interval
4 week
Scan only one
Domain, Ipv4
Toolbox
-
The VPL Jail System is a C++ server used for running untrusted code in a sandboxed environment. It is widely utilized by educational platforms like Moodle for managing virtual programming labs. This system is operated by administrators and teachers to handle secure execution of student-submitted code. It listens for incoming connections and processes them in isolated environments. The software is essential in ensuring that submitted code runs without causing any harm to the server or system.
The Path Traversal vulnerability in VPL Jail System allows attackers to manipulate file paths. This can lead to arbitrary file overwrites, enabling privilege escalation to the root user. Versions below 4.0.3 are vulnerable to this exploit, posing a serious security risk. Attackers can chain this vulnerability with CVE-2024-34312 to gain control of Moodle instances without authentication.
This vulnerability resides in the commandUpdate function in jail.cpp, where files and their contents are sent by the client. The ProcessMonitor::writeFile function concatenates the jail user's home directory with the file name, resulting in a vulnerable file path. Due to improper validation, attackers can leverage this to write arbitrary files via path traversal. As a result, malicious actors can overwrite sensitive files on the server and escalate privileges. The vulnerable endpoint listens for incoming connections and mishandles file paths provided in the requests.
When exploited, this vulnerability can lead to full system compromise by allowing unauthorized file overwrites. Attackers may gain root-level privileges, access sensitive files, or modify critical configurations. If chained with another vulnerability (CVE-2024-34312), it can result in unauthorized remote access to Moodle instances. Malicious actors can take over the system and use it for further exploitation.
By using the Security for Everyone platform, you gain access to advanced security scanning that uncovers critical vulnerabilities like this Path Traversal flaw. Protect your infrastructure with our up-to-date and comprehensive scans. Stay ahead of threats by identifying and fixing vulnerabilities before attackers exploit them. Become a member today to benefit from continuous monitoring and expert remediation suggestions tailored to your system's security needs.
References: