CVE-2024-2905: Incorrect Permission Assignment for Critical Resource

Medium
Published: Thu Apr 25 2024 (04/25/2024, 17:44:15 UTC)
Source: CVE

Description

A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in default builds having the world-readable bit enabled. This issue arises from the default permissions being set at a higher level than recommended, potentially exposing sensitive authentication data to unauthorized access.

AI-Powered Analysis

Last updated: 07/07/2025, 04:42:47 UTC

Technical Analysis

CVE-2024-2905 is a security vulnerability identified in rpm-ostree version 1.2024.4, involving incorrect permission assignment on the /etc/shadow file in default builds. The /etc/shadow file is critical as it stores hashed user password information and other sensitive authentication data. In this case, the file has been mistakenly configured with the world-readable bit enabled, meaning any user on the system can read it. This misconfiguration arises from default permissions being more permissive than security best practice, which typically restricts access to root or privileged users only.

The vulnerability does not require authentication or user interaction to exploit, but it does require local access (AV:L - Attack Vector: Local). The CVSS 3.1 base score is 6.2 (medium severity), reflecting high confidentiality impact (C:H) but no impact on integrity or availability. The vulnerability allows unauthorized local users to read sensitive password hashes, potentially enabling offline password cracking attacks and subsequent privilege escalation. Although no known exploits are currently reported in the wild, the exposure of /etc/shadow to all users is a significant security risk that could be leveraged by attackers who have gained limited local access to escalate privileges or move laterally within a compromised environment.

The issue is specific to rpm-ostree default builds. rpm-ostree is a system for managing immutable operating system trees, commonly used in Fedora Silverblue, Red Hat Enterprise Linux variants, and other Linux distributions employing rpm-ostree for atomic updates and system image management.

Potential Impact

For European organizations, the exposure of /etc/shadow due to this vulnerability poses a substantial risk to system confidentiality and overall security posture. Organizations relying on rpm-ostree-based systems for critical infrastructure, servers, or workstations could face unauthorized disclosure of password hashes, enabling attackers with local access to perform offline brute-force or dictionary attacks to recover user credentials. This can lead to privilege escalation, unauthorized access to sensitive data, and potential lateral movement within enterprise networks. The impact is particularly severe in environments with shared or multi-user access, such as development servers, cloud instances, or container hosts. Confidentiality breaches could result in compliance violations under GDPR and other European data protection regulations, leading to legal and financial repercussions. Additionally, the medium severity rating may underestimate the real-world risk if combined with other vulnerabilities or weak password policies. Since no remote exploitation is possible without local access, the threat is more relevant to insider threats, compromised accounts, or attackers who have already gained a foothold on the system. Nevertheless, the vulnerability undermines the fundamental security model of Linux authentication and should be addressed promptly to maintain trust in system integrity and confidentiality.

Mitigation Recommendations

1. Immediate patching: Apply vendor patches or updates to rpm-ostree that correct the default file permissions on /etc/shadow to restrict access strictly to root or equivalent privileged users.
2. Manual remediation: Until patches are available, system administrators should manually verify and correct the permissions on /etc/shadow using chmod 640 or more restrictive settings and ensure ownership is root:shadow or root:root as appropriate.
3. Audit and monitoring: Implement file integrity monitoring to detect unauthorized permission changes on critical files like /etc/shadow.
4. Access control: Limit local user accounts and enforce strict access policies to reduce the risk of unauthorized local access.
5. Password policies: Enforce strong password complexity and rotation policies to mitigate the risk of offline cracking if hashes are exposed.
6. Incident response readiness: Prepare to investigate and respond to potential privilege escalation attempts or suspicious local activity.
7. Configuration management: Review and harden system build processes and default configurations to prevent similar permission misconfigurations in the future.
8. User education: Train administrators and users on the importance of file permissions and secure system configurations.
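A minimal audit for the manual-remediation and monitoring steps above, added here as an example (not code from rpm-ostree or from this advisory): it flags any permission bit beyond 0640 and clears only those bits. The function names are hypothetical, and the script checks mode bits only, not ownership.

```shell
#!/bin/sh
# Added example: audit and tighten the mode of a shadow file using POSIX find/chmod.

# Print each permission bit set on $1 that mode 0640 does not allow.
excess_bits() {
    for bit in 0100 0020 0010 0004 0002 0001; do
        # "find -perm -MODE" matches only when every bit in MODE is set.
        if [ -n "$(find "$1" -prune -perm "-$bit" -print 2>/dev/null)" ]; then
            printf '%s ' "$bit"
        fi
    done
}

# Exit status: 0 = compliant, 1 = too permissive, 2 = file missing.
audit_shadow() {
    path=$1
    if [ ! -e "$path" ]; then
        echo "MISSING $path"
        return 2
    fi
    extra=$(excess_bits "$path")
    if [ -z "$extra" ]; then
        echo "OK $path"
        return 0
    fi
    case " $extra" in
        *" 0004 "*) echo "FAIL $path: world-readable, excess bits: $extra" ;;
        *)          echo "FAIL $path: excess bits: $extra" ;;
    esac
    return 1
}

# Clear only the disallowed bits; never grants a permission that was absent.
fix_shadow() {
    chmod u-x,g-wx,o-rwx "$1"
}

# Constructed sample: a temp file stands in for /etc/shadow with the flawed 0644 mode.
sample=$(mktemp)
chmod 0644 "$sample"
audit_shadow "$sample" || fix_shadow "$sample"
audit_shadow "$sample"
rm -f "$sample"
```

On a real host, call `audit_shadow /etc/shadow` as root; the non-zero exit status makes it usable from a scheduled compliance check.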

Technical Details

Data Version: 5.1
Assigner Short Name: redhat
Date Reserved: 2024-03-26T11:53:25.040Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682d58114d7c5ea9f4b424fa

Added to database: 5/21/2025, 4:35:29 AM

Last enriched: 7/7/2025, 4:42:47 AM

Last updated: 8/18/2025, 11:30:42 PM
