CVE-2021-30357 - Arbitrary file read as root in Check Point VPN client
Discover CVE-2021-30357 in Check Point VPN SNX client v800007075 for Linux, where SUID bit enables root execution and an info leak allows arbitrary file reads via VPN config filepath, exposing contents like /etc/shadow in exceptions.
Description
The installer for the Check Point VPN SNX (SSL Network Extender) client v800007075 for Linux sets the SUID bit, causing the client to run as a privileged user on the system. The client also has an information leak vulnerability that can be leveraged to partially read any file on the system: when a file's path is specified as the VPN configuration file, the client throws an exception and prints a verbose/debug message that reveals the file contents (e.g. /etc/shadow).
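The two conditions described above, a caller-chosen file opened with the SUID program's effective IDs and an error path that prints what was read, can each be closed off in code. The following C is an added example, not Check Point's code or its fix; the function names and the `key=value` configuration format are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper: open a caller-supplied path with the invoking user's
 * IDs, so a SUID-root binary cannot read files the caller could not read. */
int open_config_as_invoker(const char *path)
{
    uid_t euid = geteuid();
    gid_t egid = getegid();
    if (setegid(getgid()) != 0 || seteuid(getuid()) != 0)
        return -1;                       /* cannot drop privileges: fail closed */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (seteuid(euid) != 0 || setegid(egid) != 0) {   /* regain for later work */
        if (fd >= 0) close(fd);
        return -1;
    }
    return fd;
}

/* Validate "key=value" lines (assumed format). The error names only the line
 * number, never the line's text, so diagnostics carry no file content. */
int parse_config(FILE *fp, char *err, size_t errlen)
{
    char line[512];
    for (int n = 1; fgets(line, sizeof line, fp); n++) {
        if (line[0] == '#' || line[0] == '\n' || strchr(line, '='))
            continue;
        snprintf(err, errlen, "config line %d: malformed entry", n);
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    char err[64] = "cannot open config";
    int fd = argc == 2 ? open_config_as_invoker(argv[1]) : -1;
    FILE *fp = fd >= 0 ? fdopen(fd, "r") : NULL;
    if (fp && parse_config(fp, err, sizeof err) == 0)
        return 0;
    fprintf(stderr, "%s\n", err);
    return 1;
}
```

Installed SUID-root and pointed at /etc/shadow by an unprivileged user, this version fails at `open()` with the caller's own permissions, and a malformed file the caller can read still yields only a line number.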
This post is licensed under CC BY 4.0 by the author.
