Project

General

Profile

Bug #31110

Mitigate command injection by prohibiting the setting of multiple NIC options at once

Added by Stefan Grönke about 1 year ago. Updated 10 months ago.

Status:
Done
Priority:
No priority
Assignee:
Brandon Schneider
Category:
Middleware
Target version:
Severity:
Low Medium
Reason for Closing:
Reason for Blocked:
Needs QA:
No
Needs Doc:
No
Needs Merging:
No
Needs Automation:
No
Support Suite Ticket:
n/a
Hardware Configuration:
ChangeLog Required:
No

Description

The network interface configuration of FreeNAS is vulnerable to command injection. Values entered as NIC options get executed in a shell context.

https://github.com/freenas/freenas/blob/4b57e24e66d6938831d43feb2878db471f23f35d/src/middlewared/middlewared/plugins/network.py#L392

This finding has low severity because the same users are already having shell access.

freenas-network-config-code-injection.png (261 KB) freenas-network-config-code-injection.png Screenshot: NIC Options Command Injection Stefan Grönke, 04/02/2018 01:34 AM
15960

Associated revisions

Revision 2098bfa6 (diff)
Added by Brandon Schneider about 1 year ago

fix(middlewared/network): Do not use shell=True

Ticket: #31110

Revision f39e5b13 (diff)
Added by Brandon Schneider about 1 year ago

fix(middlewared/network): Do not use shell=True (#1057)

  • fix(middlewared/network): Do not use shell=True

Ticket: #31110

  • Split on whitespace for the shell

History

#1 Updated by William Grzybowski about 1 year ago

  • Category changed from OS to Middleware
  • Assignee changed from Release Council to Brandon Schneider
  • Target version set to 11.2-RC2
  • Seen in changed from Master - FreeBSD-HEAD to Master - FreeNAS Nightlies

#2 Updated by Brandon Schneider about 1 year ago

  • Status changed from Unscreened to Not Started

#3 Updated by Brandon Schneider about 1 year ago

  • Status changed from Not Started to In Progress

#4 Updated by Brandon Schneider about 1 year ago

  • Status changed from In Progress to Done

#5 Updated by Dru Lavigne about 1 year ago

  • Subject changed from Command Injection in network configuration to Mitigate command injection by prohibiting the setting of multiple NIC options at once
  • Target version changed from 11.2-RC2 to 11.2-BETA1
  • Needs Merging changed from Yes to No

#6 Updated by Dru Lavigne 12 months ago

  • Status changed from Done to Ready for Testing

#7 Avatar?id=55038&size=24x24 Updated by Zackary Welch 10 months ago

  • Status changed from Ready for Testing to Passed Testing
  • Needs QA changed from Yes to No

I was able to reproduce this configuration and write a file to /tmp, so this passes.

#8 Updated by Dru Lavigne 10 months ago

  • Status changed from Passed Testing to Done

Also available in: Atom PDF