Overview
Tychon contains a privilege escalation vulnerability due to the use of an OPENSSLDIR variable that specifies a location where an unprivileged Windows user may be able to place files.
Description
Tychon includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory that my be controllable by an unprivileged user on Windows. Tychon contains a privileged service that uses this OpenSSL component. A user who can place a specially-crafted openssl.cnf file at an appropriate path may be able to achieve arbitrary code execution with SYSTEM privileges.
Impact
By placing a specially-crafted openssl.cnf in a location used by Tychon, an unprivileged user may be able to execute arbitrary code with SYSTEM privileges on a Windows system with the vulnerable Tychon software installed.
Solution
Apply an update
This issue is addressed in Tychon 1.7.857.82
Acknowledgements
This document was written by Will Dormann.
Vendor Information
Other Information
| CVE IDs: | CVE-2022-26872 |
| Date Public: | 2022-04-28 |
| Date First Published: | 2022-04-28 |
| Date Last Updated: | 2022-04-28 13:07 UTC |
| Document Revision: | 1 |