CVE-2023-25168 : Security Advisory and Response

This CVE involves a vulnerability in the symbolic link (symlink) following mechanism in "wings," the server control plane by Pterodactyl. The vulnerability allows the deletion of files and directories on the host system, posing a critical threat to system integrity and availability.

Understanding CVE-2023-25168

This section delves into the details of CVE-2023-25168 and its impact on systems running Pterodactyl's "wings" server control plane.

What is CVE-2023-25168?

The vulnerability in CVE-2023-25168 stems from improper link resolution before file access, enabling malicious actors to delete files and directories recursively on the host system. Attackers can leverage this flaw in combination with another vulnerability (

GHSA-p8r3-83r8-jwj5

) to overwrite files on the host system. To exploit this vulnerability, the attacker needs access to an existing server controlled by Wings.

The Impact of CVE-2023-25168

With a CVSS v3.1 base score of 9.6 (Critical), this vulnerability has a significant impact on system integrity and availability. The attack vector is through the network, with low attack complexity and low privileges required. The integrity impact is high, and the availability impact is also high.

Technical Details of CVE-2023-25168

This section provides further technical insights into the vulnerability, including the description, affected systems and versions, and exploitation mechanism.

Vulnerability Description

The vulnerability allows for the deletion of files and directories on the host system through symbolic link following, presenting a serious risk to the security and data integrity of affected systems.

Affected Systems and Versions

Vendor: Pterodactyl
Product: Wings
Affected Versions:
"< 1.7.4": Vulnerable
">= 1.11.0, < 1.11.4": Vulnerable Affected users are advised to update to versions

v1.11.4

or

v1.7.4

to mitigate the risk posed by this vulnerability.

Exploitation Mechanism

The exploitation of this vulnerability involves leveraging the symbolic link following mechanism in Wings to delete files and directories on the host system, impacting system availability and data integrity.

Mitigation and Prevention

In response to CVE-2023-25168, users and organizations are recommended to take immediate steps to secure their systems and prevent potential exploitation.

Immediate Steps to Take

Update Wings to version

v1.11.4

or

v1.7.4

to patch the vulnerability.
Monitor system logs and activities for any unusual file deletions or unauthorized access attempts.
Implement strict access controls and permissions to limit symlink following capabilities.

Long-Term Security Practices

Regularly apply security updates and patches to mitigate emerging vulnerabilities.
Conduct regular security audits and assessments to identify and remediate potential security gaps.
Educate users and administrators about secure symlink handling and best practices for file security.

Patching and Updates

Pterodactyl has released patches for the vulnerability in Wings versions

v1.11.4

and

v1.7.4

. Users are strongly advised to update their installations to these patched versions to eliminate the risk of symlink-based attacks and ensure the security of their systems.