CVE-2020-8903 : Security Advisory and Response

Learn about CVE-2020-8903, a vulnerability in Google Cloud Platform's guest-oslogin allowing unauthorized privilege escalation. Find out the impact, affected systems, and mitigation steps.

A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user who holds the role "roles/compute.osLogin" to escalate privileges to root.

Understanding CVE-2020-8903

This CVE involves a privilege escalation vulnerability in Google Cloud Platform's guest-oslogin, potentially leading to unauthorized access.

What is CVE-2020-8903?

The vulnerability allows users with limited permissions to gain root access by using the instance's DHCP XID and impersonating the GCE metadata server.

The Impact of CVE-2020-8903

        CVSS Score: 6.7 (Medium Severity)
        Attack Vector: Local
        Confidentiality Impact: High
        Integrity Impact: High
        Availability Impact: High
        Privileges Required: Low
        User Interaction: Required

Technical Details of CVE-2020-8903

This section provides detailed technical information about the vulnerability.

Vulnerability Description

The flaw in guest-oslogin versions between 20190304 and 20200507 allows users with limited permissions to escalate privileges to root by exploiting the DHCP XID and impersonating the GCE metadata server.

Affected Systems and Versions

        Affected Product: guest-oslogin
        Vendor: Google LLC
        Vulnerable Versions: 20190304 to 20200507

Exploitation Mechanism

        Users with the role "roles/compute.osLogin" can read the DHCP XID from the systemd journal.
        With the DHCP XID, those users can set the IP address and hostname of the instance, which lets them impersonate the GCE metadata server and leads to unauthorized root access.

Mitigation and Prevention

Protect your systems from this vulnerability by following these mitigation strategies.

Immediate Steps to Take

        Update to images created after 2020-May-07 to fix the vulnerability.
        If unable to update, remove the "adm" user from the OS Login entry in /etc/group/security.conf.
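
A check for the two immediate steps above, added here as an example and not taken from Google or from the advisory. The version string format, the inclusive range endpoints, and the pam_group field layout "services;ttys;users;times;groups" are assumptions, and the sample data is constructed.

```shell
#!/bin/sh
# Added example, not Google's or the advisory's code.

# Classify a guest-oslogin version string against the advisory's range
# 20190304 to 20200507 (treated as inclusive here: an assumption).
oslogin_version_status() {
    _v=${1#*:}               # drop a package epoch such as "1:"
    _stamp=${_v%%[!0-9]*}    # keep the leading run of digits
    case $_stamp in
        [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) ;;
        *) echo unknown; return 0 ;;
    esac
    if [ "$_stamp" -ge 20190304 ] && [ "$_stamp" -le 20200507 ]; then
        echo vulnerable
    else
        echo not-in-range
    fi
}

# Print "line: entry" for each non-comment entry whose group list (last
# ';'-separated field) contains "adm". The field layout is assumed to be
# pam_group's "services;ttys;users;times;groups". Reads $1, or stdin.
entries_granting_adm() {
    awk -F';' '
        /^[ \t]*(#|$)/ { next }
        NF >= 5 {
            n = split($NF, g, ",")
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", g[i])
                if (g[i] == "adm") { print NR ": " $0; break }
            }
        }' "${1:--}"
}

# Constructed sample input, not taken from a real instance.
sample_conf() {
    printf '%s\n' '# constructed sample' \
        'sshd;*;*;Al0000-2400;adm,dip,video' \
        'login;tty*;*;Al0000-2400;floppy'
}

if [ "$#" -eq 2 ]; then      # usage: sh check.sh VERSION CONF_PATH
    echo "guest-oslogin $1: $(oslogin_version_status "$1")"
    entries_granting_adm "$2"
else                         # no arguments: run on the constructed sample
    echo "1:20200402.00-g1: $(oslogin_version_status '1:20200402.00-g1')"
    sample_conf | entries_granting_adm
fi
```

Pass the installed guest-oslogin version and the path of the configuration file named above as the two arguments; any entry it prints still grants "adm" and is a candidate for the workaround.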

Long-Term Security Practices

        Regularly review and update access permissions and roles.
        Monitor system logs for any suspicious activities.

Patching and Updates

        Ensure all systems are regularly patched and updated to prevent vulnerabilities.
