mike/systeminformation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

inetLatency() fixed possible DOS intrusion

Browse Source
This commit is contained in:
Sebastian Hildebrandt 2021-02-12 08:35:31 +01:00
parent 3b7d8b72c0
commit 9a89964f84
8 changed files with 69 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@ -72,6 +72,7 @@ For major (breaking) changes - **version 4, 3 and 2** - see end of page.
| Version | Date | Comment | | Version | Date | Comment |
| -------------- | -------------- | -------- | | -------------- | -------------- | -------- |
| 5.2.6 | 2020-02-12 | `inetLatency()` fixed possible DOS intrusion |
| 5.2.5 | 2020-02-11 | `processes()` fixed truncated params (linux) | | 5.2.5 | 2020-02-11 | `processes()` fixed truncated params (linux) |
| 5.2.4 | 2020-02-11 | `currentLoad()` fixed issue | | 5.2.4 | 2020-02-11 | `currentLoad()` fixed issue |
| 5.2.3 | 2020-02-11 | `diskLayout()` added USB drives (mac OS) | | 5.2.3 | 2020-02-11 | `diskLayout()` added USB drives (mac OS) |

5
docs/history.html
View File

@ -56,6 +56,11 @@
</tr> </tr>
</thead> </thead>
<tbody> <tbody>
<tr>
<th scope="row">5.2.6</th>
<td>2020-02-12</td>
<td><span class="code">inetLatency()</span> fix DOS vulnerability</td>
</tr>
<tr> <tr>
<th scope="row">5.2.5</th> <th scope="row">5.2.5</th>
<td>2020-02-11</td> <td>2020-02-11</td>

2
docs/index.html
View File

@ -166,7 +166,7 @@
<body> <body>
<header class="bg-image-full"> <header class="bg-image-full">
<div class="top-container"> <div class="top-container">
<a href="security.html" class="recommendation">Security advisory:<br>Update to v4.31.1</a> <a href="security.html" class="recommendation">Security advisory:<br>Update to v5.2.6</a>
<img class="logo" src="assets/logo.png"> <img class="logo" src="assets/logo.png">
<div class="title">systeminformation</div> <div class="title">systeminformation</div>
<div class="subtitle"><span id="typed"></span>&nbsp;</div> <div class="subtitle"><span id="typed"></span>&nbsp;</div>

35
docs/security.html
View File

@ -43,11 +43,27 @@
<div class="col-12 sectionheader"> <div class="col-12 sectionheader">
<div class="title">Security Advisories</div> <div class="title">Security Advisories</div>
<div class="text"> <div class="text">
<h2>DOS Injection Vulnerability</h2>
<p><span class="bold">Affected versions:</span>
&lt; 5.2.6 and &lt; 4.34.10<br>
<span class="bold">Date:</span> 2021-02-12<br>
<span class="bold">CVE indentifier</span> -
</p>
<h4>Impact</h4>
<p>Here we had an issue that there was a possibility to perform a ping command execution for too long time. Affected commands: <span class="code">inetLatency()</span>.</p>
<h4>Patch</h4>
<p>Problem was fixed with a shell string sanitation fix. Please upgrade to version >= 5.2.6 (or >= 4.34.10 if you are using version 4).</p>
<h4>Workarround</h4>
<p>If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to <span class="code">inetLatency()</span> (no spaces)</p>
<h2>Command Injection Vulnerability</h2> <h2>Command Injection Vulnerability</h2>
<p><span class="bold">Affected versions:</span> <p><span class="bold">Affected versions:</span>
< 4.31.1<br> &lt; 4.31.1<br>
<span class="bold">Date:</span> 2020-12-11<br> <span class="bold">Date:</span> 2020-12-11<br>
<span class="bold">CVE indentifier</span> CVE-2020-26274, CVE-2020-28448 <span class="bold">CVE indentifier</span> CVE-2020-26274, CVE-2020-28448
</p> </p>
<h4>Impact</h4> <h4>Impact</h4>
@ -59,12 +75,11 @@
<h4>Workarround</h4> <h4>Workarround</h4>
<p>If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to <span class="code">inetLatency()</span></p> <p>If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to <span class="code">inetLatency()</span></p>
<h2>command injection vulnerability - prototype pollution</h2> <h2>command injection vulnerability - prototype pollution</h2>
<p><span class="bold">Affected versions:</span> <p><span class="bold">Affected versions:</span>
< 4.30.5<br> &lt; 4.30.5<br>
<span class="bold">Date:</span> 2020-11-26<br> <span class="bold">Date:</span> 2020-11-26<br>
<span class="bold">CVE indentifier</span> CVE-2020-26245 <span class="bold">CVE indentifier</span> CVE-2020-26245
</p> </p>
<h4>Impact</h4> <h4>Impact</h4>
@ -79,9 +94,9 @@
<h2>Command Injection Vulnerability</h2> <h2>Command Injection Vulnerability</h2>
<p><span class="bold">Affected versions:</span> <p><span class="bold">Affected versions:</span>
< 4.27.11<br> &lt; 4.27.11<br>
<span class="bold">Date:</span> 2020-10-26<br> <span class="bold">Date:</span> 2020-10-26<br>
<span class="bold">CVE indentifier</span> CVE-2020-7752 <span class="bold">CVE indentifier</span> CVE-2020-7752
</p> </p>
<h4>Impact</h4> <h4>Impact</h4>

4
docs/v4/index.html
View File

@ -165,12 +165,12 @@
<body> <body>
<header class="bg-image-full"> <header class="bg-image-full">
<div class="container"> <div class="container">
<a href="security.html" class="recommendation">Security advisory:<br>Update to v4.31.1</a> <a href="security.html" class="recommendation">Security advisory:<br>Update to v4.34.10</a>
<img class="logo" src="assets/logo.png"> <img class="logo" src="assets/logo.png">
<div class="title">systeminformation </div> <div class="title">systeminformation </div>
<div class="subtitle"><span id="typed"></span>&nbsp;</div> <div class="subtitle"><span id="typed"></span>&nbsp;</div>
<div class="version larger">Version 4 documentation</div> <div class="version larger">Version 4 documentation</div>
<div class="version">Current Version: <span id="version">4.34.9</span></div> <div class="version">Current Version: <span id="version">4.34.10</span></div>
<button class="btn btn-light" onclick="location.href='https://github.com/sebhildebrandt/systeminformation'">View on Github <i class=" fab fa-github"></i></button> <button class="btn btn-light" onclick="location.href='https://github.com/sebhildebrandt/systeminformation'">View on Github <i class=" fab fa-github"></i></button>
</div> </div>
<div class="down"> <div class="down">

16
docs/v4/security.html
View File

@ -42,6 +42,22 @@
<div class="col-12 sectionheader"> <div class="col-12 sectionheader">
<div class="title">Security Advisories</div> <div class="title">Security Advisories</div>
<div class="text"> <div class="text">
<h2>DOS Injection Vulnerability</h2>
<p><span class="bold">Affected versions:</span>
&lt; 4.34.10<br>
<span class="bold">Date:</span> 2021-02-12<br>
<span class="bold">CVE indentifier</span> -
</p>
<h4>Impact</h4>
<p>Here we had an issue that there was a possibility to perform a ping command execution for too long time. Affected commands: <span class="code">inetLatency()</span>.</p>
<h4>Patch</h4>
<p>Problem was fixed with a shell string sanitation fix. Please upgrade to version >= 4.34.10 if you are using version 4.</p>
<h4>Workarround</h4>
<p>If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to <span class="code">inetLatency()</span> (no spaces)</p>
<h2>Command Injection Vulnerability</h2> <h2>Command Injection Vulnerability</h2>
<p><span class="bold">Affected versions:</span> <p><span class="bold">Affected versions:</span>
< 4.31.1<br> < 4.31.1<br>

20
lib/internet.js
View File

@ -35,12 +35,9 @@ function inetChecksite(url, callback) {
return new Promise((resolve) => { return new Promise((resolve) => {
process.nextTick(() => { process.nextTick(() => {
let urlSanitized = ''; let urlSanitized = '';
const s = util.sanitizeShellString(url); const s = util.sanitizeShellString(url, true);
for (let i = 0; i <= 2000; i++) { for (let i = 0; i <= 2000; i++) {
if (!(s[i] === undefined || if (!(s[i] === undefined)) {
s[i] === ' ' ||
s[i] === '{' ||
s[i] === '}')) {
s[i].__proto__.toLowerCase = util.stringToLower; s[i].__proto__.toLowerCase = util.stringToLower;
const sl = s[i].toLowerCase(); const sl = s[i].toLowerCase();
if (sl && sl[0] && !sl[1]) { if (sl && sl[0] && !sl[1]) {
@ -126,7 +123,18 @@ function inetLatency(host, callback) {
} }
host = host || '8.8.8.8'; host = host || '8.8.8.8';
const hostSanitized = (util.isPrototypePolluted() ? '8.8.8.8' : util.sanitizeShellString(host)).trim(); let hostSanitized = '';
const s = (util.isPrototypePolluted() ? '8.8.8.8' : util.sanitizeShellString(host, true)).trim();
for (let i = 0; i <= 2000; i++) {
if (!(s[i] === undefined)) {
s[i].__proto__.toLowerCase = util.stringToLower;
const sl = s[i].toLowerCase();
if (sl && sl[0] && !sl[1]) {
hostSanitized = hostSanitized + sl[0];
}
}
}
return new Promise((resolve) => { return new Promise((resolve) => {
process.nextTick(() => { process.nextTick(() => {

7
lib/util.js
View File

@ -502,7 +502,7 @@ function countLines(lines, startingWith) {
return uniqueLines.length; return uniqueLines.length;
} }
function sanitizeShellString(str) { function sanitizeShellString(str, strict = false) {
const s = str || ''; const s = str || '';
let result = ''; let result = '';
for (let i = 0; i <= 2000; i++) { for (let i = 0; i <= 2000; i++) {
@ -527,7 +527,10 @@ function sanitizeShellString(str) {
s[i] === '\n' || s[i] === '\n' ||
s[i] === '\'' || s[i] === '\'' ||
s[i] === '`' || s[i] === '`' ||
s[i] === '"')) { s[i] === '"' ||
strict && s[i] === ' ' ||
strict && s[i] == '{' ||
strict && s[i] == ')')) {
result = result + s[i]; result = result + s[i];
} }
} }