PT-2019-17650 · Killport · Killport

Cris_Semmle

Published

2019-03-17

Updated

2019-10-09

CVE-2019-5414

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions kill-port versions prior to 1.3.2

Description The issue allows an attacker to inject arbitrary OS commands due to the usage of the exec function in a third-party module. This is possible because the package does not validate user input on the kill function, which may allow attackers to run arbitrary commands in the system if user input, such as the port number, is passed directly to the function.

Recommendations Upgrade to version 1.3.2 or later. As a temporary workaround, consider restricting the use of the kill function in the kill-port module until a patch is available.

Exploit

Fix

Command Injection

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77CWE-78

Related Identifiers

CVE-2019-5414

GHSA-PMV6-GF98-P3R5

Affected Products

Killport

PT-2019-17650 · Killport · Killport

CVE-2019-5414

Weakness Enumeration

Related Identifiers

Affected Products

References · 6