diff --git a/CHANGELOG.md b/CHANGELOG.md
index cf7bee8..25ba1a6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -72,6 +72,7 @@ For major (breaking) changes - **version 4, 3 and 2** - see end of page.
 | Version | Date | Comment |
 | -------------- | -------------- | -------- |
+| 5.2.6 | 2020-02-12 | `inetLatency()` fixed possible DOS intrusion |
 | 5.2.5 | 2020-02-11 | `processes()` fixed truncated params (linux) |
 | 5.2.4 | 2020-02-11 | `currentLoad()` fixed issue |
 | 5.2.3 | 2020-02-11 | `diskLayout()` added USB drives (mac OS) |
diff --git a/docs/history.html b/docs/history.html
index 75bf404..352b681 100644
--- a/docs/history.html
+++ b/docs/history.html
@@ -56,6 +56,11 @@
+ + 5.2.6 + 2020-02-12 + inetLatency() fix DOS vulnerability + 5.2.5 2020-02-11
diff --git a/docs/index.html b/docs/index.html
index 01027be..ad3dba4 100644
--- a/docs/index.html
+++ b/docs/index.html
@@ -166,7 +166,7 @@
- Security advisory:
Update to v4.31.1
+ Security advisory:
Update to v5.2.6
systeminformation
 
diff --git a/docs/security.html b/docs/security.html
index c12cf94..7e01360 100644
--- a/docs/security.html
+++ b/docs/security.html
@@ -43,11 +43,27 @@
Security Advisories
+

DOS Injection Vulnerability

+

Affected versions: + < 5.2.6 and < 4.34.10
+ Date: 2021-02-12
+ CVE indentifier - +

+ +

Impact

+

Here we had an issue that there was a possibility to perform a ping command execution for too long time. Affected commands: inetLatency().

+ +

Patch

+

Problem was fixed with a shell string sanitation fix. Please upgrade to version >= 5.2.6 (or >= 4.34.10 if you are using version 4).

+ +

Workarround

+

If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to inetLatency() (no spaces)

+

Command Injection Vulnerability

Affected versions: - < 4.31.1
- Date: 2020-12-11
- CVE indentifier CVE-2020-26274, CVE-2020-28448 + < 4.31.1
+ Date: 2020-12-11
+ CVE indentifier CVE-2020-26274, CVE-2020-28448

Impact

@@ -59,12 +75,11 @@

Workarround

If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to inetLatency()

-

command injection vulnerability - prototype pollution

Affected versions: - < 4.30.5
- Date: 2020-11-26
- CVE indentifier CVE-2020-26245 + < 4.30.5
+ Date: 2020-11-26
+ CVE indentifier CVE-2020-26245

Impact

@@ -79,9 +94,9 @@

Command Injection Vulnerability

Affected versions: - < 4.27.11
- Date: 2020-10-26
- CVE indentifier CVE-2020-7752 + < 4.27.11
+ Date: 2020-10-26
+ CVE indentifier CVE-2020-7752

Impact

diff --git a/docs/v4/index.html b/docs/v4/index.html
index 889d63d..ace89c3 100644
--- a/docs/v4/index.html
+++ b/docs/v4/index.html
@@ -165,12 +165,12 @@
- Security advisory:
Update to v4.31.1
+ Security advisory:
Update to v4.34.10
systeminformation
 
Version 4 documentation
-
Current Version: 4.34.9
+
Current Version: 4.34.10
diff --git a/docs/v4/security.html b/docs/v4/security.html
index f443502..89f5779 100644
--- a/docs/v4/security.html
+++ b/docs/v4/security.html
@@ -42,6 +42,22 @@
Security Advisories
+

DOS Injection Vulnerability

+

Affected versions: + < 4.34.10
+ Date: 2021-02-12
+ CVE indentifier - +

+ +

Impact

+

Here we had an issue that there was a possibility to perform a ping command execution for too long time. Affected commands: inetLatency().

+ +

Patch

+

Problem was fixed with a shell string sanitation fix. Please upgrade to version >= 4.34.10 if you are using version 4.

+ +

Workarround

+

If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to inetLatency() (no spaces)

+

Command Injection Vulnerability

Affected versions: < 4.31.1
diff --git a/lib/internet.js b/lib/internet.js
index 1d815ba..ab28f14 100644
--- a/lib/internet.js
+++ b/lib/internet.js
@@ -35,12 +35,9 @@ function inetChecksite(url, callback) {
 return new Promise((resolve) => {
 process.nextTick(() => {
 let urlSanitized = '';
- const s = util.sanitizeShellString(url);
+ const s = util.sanitizeShellString(url, true);
 for (let i = 0; i <= 2000; i++) {
- if (!(s[i] === undefined ||
- s[i] === ' ' ||
- s[i] === '{' ||
- s[i] === '}')) {
+ if (!(s[i] === undefined)) {
 s[i].__proto__.toLowerCase = util.stringToLower;
 const sl = s[i].toLowerCase();
 if (sl && sl[0] && !sl[1]) {
@@ -126,7 +123,18 @@ function inetLatency(host, callback) {
 }
 host = host || '8.8.8.8';
- const hostSanitized = (util.isPrototypePolluted() ? '8.8.8.8' : util.sanitizeShellString(host)).trim();
+ let hostSanitized = '';
+ const s = (util.isPrototypePolluted() ? '8.8.8.8' : util.sanitizeShellString(host, true)).trim();
+ for (let i = 0; i <= 2000; i++) {
+ if (!(s[i] === undefined)) {
+
+ s[i].__proto__.toLowerCase = util.stringToLower;
+ const sl = s[i].toLowerCase();
+ if (sl && sl[0] && !sl[1]) {
+ hostSanitized = hostSanitized + sl[0];
+ }
+ }
+ }
 return new Promise((resolve) => {
 process.nextTick(() => {
diff --git a/lib/util.js b/lib/util.js
index b1e2175..dd94ba2 100644
--- a/lib/util.js
+++ b/lib/util.js
@@ -502,7 +502,7 @@ function countLines(lines, startingWith) {
 return uniqueLines.length;
 }
-function sanitizeShellString(str) {
+function sanitizeShellString(str, strict = false) {
 const s = str || '';
 let result = '';
 for (let i = 0; i <= 2000; i++) {
@@ -527,7 +527,10 @@ function sanitizeShellString(str) {
 s[i] === '\n' ||
 s[i] === '\'' ||
 s[i] === '`' ||
- s[i] === '"')) {
+ s[i] === '"' ||
+ strict && s[i] === ' ' ||
+ strict && s[i] == '{' ||
+ strict && s[i] == ')')) {
 result = result + s[i];
 }
 }
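Review bot: In the `inetChecksite` hunk the removed local filter rejected `' '`, `'{'` and `'}'`, but the strict mode that replaces it (second `lib/util.js` hunk) rejects `' '`, `'{'` and `')'`, so `}` is no longer dropped on this path unless the part of the deny-list outside the hunk already covers it. If `)` is a typo for `}`, the last added condition in `sanitizeShellString` should read `strict && s[i] === '}')) {`. Both `inetChecksite` and `sanitizeShellString` extend beyond the visible hunks, so the full character list should be checked against the three characters this caller used to filter.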
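Review bot: In the `inetLatency` hunk nothing checks that `host` is a string before it is handed to `sanitizeShellString`, whose deny-list compares `s[i]` with single characters and so only works as intended on string input. The added loop runs on the already-concatenated, trimmed result, so its `sl[0] && !sl[1]` test appears to reject very little. A guard ahead of the sanitizer, such as `if (typeof host !== 'string') { host = '8.8.8.8'; }`, would close that gap. The loop is also a copy of the one in `inetChecksite`, including `s[i].__proto__.toLowerCase = util.stringToLower;`, which reassigns a shared prototype method on every iteration; moving it into one helper in `util` would keep the two callers in step. The function body continues outside the hunk.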
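Review bot: The new `strict` parameter on `sanitizeShellString` is undocumented and defaults to `false`, so every existing caller silently keeps the weaker filter. I would add a comment above the signature, for example `// strict: also drops the characters guarded by "strict &&" below; pass true for any value that ends up on a shell command line`. Only the first lines of the function are inside this hunk.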
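Review bot: The three added `strict` conditions in the second `lib/util.js` hunk mix `==` with the `===` used on every other line of the chain, and they rely on `&&` binding tighter than `||` without parentheses. Writing them as `(strict && s[i] === ' ') ||` and `(strict && s[i] === '{') ||` keeps the comparison strict and makes the grouping explicit in a filter where a misread condition lets a character through. The start of the condition chain is outside the hunk.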