PT-2017-18538 · Renci · Irods

Publicado

2017-05-05

Atualizado

2019-10-03

CVE-2017-8799

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions iRODS versions prior to 4.1.11 iRODS versions prior to 4.2.1

Description The issue allows execution of untrusted input via igetwild in iRODS, enabling other users, potentially anonymous, to execute remote shell commands through iRODS virtual pathnames. This can be exploited by retrieving a virtual iRODS pathname containing a semicolon via igetwild, which, being a Bash script, executes the part of the pathname following the semicolon in the user's shell.

Recommendations For versions prior to 4.1.11, update to version 4.1.11 or later. For versions prior to 4.2.1, update to version 4.2.1 or later.

Correção

OS Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-78

Identificadores relacionados

CVE-2017-8799

Produtos afetados

Irods

PT-2017-18538 · Renci · Irods

CVE-2017-8799

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3