CVE-2024-31226

Sunshine is a self-hosted game stream host for Moonlight. Users who ran Sunshine versions 0.17.0 through 0.22.2 as a service on Windows may be impacted when terminating the service if an attacked placed a file named `C:\Program.exe`, `C:\Program.bat`, or `C:\Program.cmd` on the user's computer. This attack vector isn't exploitable unless the user has manually loosened ACLs on the system drive. If the user's system locale is not English, then the name of the executable will likely vary. Version 0.23.0 contains a patch for the issue. Some workarounds are available. One may identify and block potentially malicious software executed path interception by using application control tools, like Windows Defender Application Control, AppLocker, or Software Restriction Policies where appropriate. Alternatively, ensure that proper permissions and directory access control are set to deny users the ability to write files to the top-level directory `C:`. Require that all executables be placed in write-protected directories.

CVSS v3 4.9 MEDIUM

4.9^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.1 / Impact : 4.7

Attack Vector PHYSICAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/LizardByte/Sunshine/commit/93e622342c4f3e9b34f5f265039b6775b8e33a7a
https://github.com/LizardByte/Sunshine/pull/2379
https://github.com/LizardByte/Sunshine/security/advisories/GHSA-r3rw-mx4q-7vfp
https://github.com/LizardByte/Sunshine/commit/93e622342c4f3e9b34f5f265039b6775b8e33a7a
https://github.com/LizardByte/Sunshine/pull/2379
https://github.com/LizardByte/Sunshine/security/advisories/GHSA-r3rw-mx4q-7vfp

Configurations

No configuration.

History

21 Nov 2024, 09:13

Type	Values Removed	Values Added
Summary		(es) Sunshine es un anfitrión de transmisión de juegos autohospedado para Moonlight. Los usuarios que ejecutaron las versiones de Sunshine 0.17.0 a 0.22.2 como servicio en Windows pueden verse afectados al finalizar el servicio si un ataque colocó un archivo llamado `C:\Program.exe`, `C:\Program.bat` o `C:\Program.cmd` en la computadora del usuario. Este vector de ataque no es explotable a menos que el usuario haya aflojado manualmente las ACL en la unidad del sistema. Si la configuración regional del sistema del usuario no es inglés, es probable que el nombre del ejecutable varíe. La versión 0.23.0 contiene un parche para el problema. Algunas soluciones están disponibles. Se pueden identificar y bloquear la intercepción de rutas ejecutadas de software potencialmente malicioso mediante el uso de herramientas de control de aplicaciones, como el control de aplicaciones de Windows Defender, AppLocker o las políticas de restricción de software, cuando corresponda. Alternativamente, asegúrese de que los permisos y el control de acceso al directorio adecuados estén configurados para negar a los usuarios la capacidad de escribir archivos en el directorio de nivel superior `C:`. Requiere que todos los ejecutables se coloquen en directorios protegidos contra escritura.
References	~~() https://github.com/LizardByte/Sunshine/commit/93e622342c4f3e9b34f5f265039b6775b8e33a7a -~~	() https://github.com/LizardByte/Sunshine/commit/93e622342c4f3e9b34f5f265039b6775b8e33a7a -
References	~~() https://github.com/LizardByte/Sunshine/pull/2379 -~~	() https://github.com/LizardByte/Sunshine/pull/2379 -
References	~~() https://github.com/LizardByte/Sunshine/security/advisories/GHSA-r3rw-mx4q-7vfp -~~	() https://github.com/LizardByte/Sunshine/security/advisories/GHSA-r3rw-mx4q-7vfp -

16 May 2024, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-16 19:15

Updated : 2024-11-21 09:13

NVD link : CVE-2024-31226

Mitre link : CVE-2024-31226

CVE.ORG link : CVE-2024-31226

JSON object : View

Products Affected

No product.

CWE

CWE-428

Unquoted Search Path or Element

4.9 /10