From 7972565812ccb2a610a22911c54c3446f4171392 Mon Sep 17 00:00:00 2001 From: Sebastian Hildebrandt Date: Tue, 19 Sep 2023 17:39:39 +0200 Subject: [PATCH] wifi sanitizing ssid names --- docs/history.html | 5 +++++ docs/index.html | 4 ++-- docs/security.html | 20 +++++++++++++++++++- lib/wifi.js | 10 +++++++++- 4 files changed, 35 insertions(+), 4 deletions(-) diff --git a/docs/history.html b/docs/history.html index dd361406..cc2ee289 100644 --- a/docs/history.html +++ b/docs/history.html @@ -57,6 +57,11 @@

Full version history

+ + 5.21.7 + 2023-09-19 + wifiConnections() wifiNetworks()fixed security issue (linux) + 5.21.6 2023-09-18 diff --git a/docs/index.html b/docs/index.html index b36c0057..02507ff8 100644 --- a/docs/index.html +++ b/docs/index.html @@ -166,11 +166,11 @@
- Security advisory:
Update to v5.6.13
+ Security advisory:
Update to v5.21.7
systeminformation
 
-
New Version: 5.21.6
+
New Version: 5.21.7
diff --git a/docs/security.html b/docs/security.html index f83404b2..20168eaa 100644 --- a/docs/security.html +++ b/docs/security.html @@ -49,6 +49,24 @@

Passing User Paramters to Systeminformation

This can lead to serious impact on your servers!

We highly recommend to always upgrade to the latest version of our package. We maintain security updates for version 5 AND also version 4. For version 4 you can install latest version by placing "systeminformation": "^4" in your package.json (dependencies) and run npm install

+

SSID Command Injection Vulnerability

+

Affected versions: + < 5.21.07 and < 4.34.22
+ Date: 2023-09-19
+ CVE indentifier - +

+ +

Impact

+

We had an issue that there was a possibility to perform a potential command injection possibility by crafting detected SSIDs in wifiConnections(), wifiNetworks().

+ +

Patch

+

Problem was fixed with parameter checking. Please upgrade to version >= 5.7.21 (or >= 4.34.22 if you are using version 4).

+ +

Workaround

+

If you cannot upgrade, be sure to check or sanitize parameter strings that are passed to wifiConnections(), wifiNetworks() (string only)

+
+
+

Command Injection Vulnerability

Affected versions: < 5.6.13 and < 4.34.21
@@ -255,4 +273,4 @@

Workaround

- \ No newline at end of file + diff --git a/lib/wifi.js b/lib/wifi.js index ea6a4f59..40626d42 100644 --- a/lib/wifi.js +++ b/lib/wifi.js @@ -549,7 +549,15 @@ function wifiConnections(callback) { const wpaDetails = wpaConnectionLinux(ifaceSanitized); const ssid = nmiDetails.ssid || wpaDetails.ssid; const network = networkList.filter(nw => nw.ssid === ssid); - const nmiConnection = nmiConnectionLinux(ssid); + let ssidSanitized = ''; + const t = util.isPrototypePolluted() ? '---' : util.sanitizeShellString(ssid, true); + for (let i = 0; i <= util.mathMin(t.length, 2000); i++) { + if (t[i] !== undefined) { + ssidSanitized = ssidSanitized + t[i]; + } + } + + const nmiConnection = nmiConnectionLinux(ssidSanitized); const channel = network && network.length && network[0].channel ? network[0].channel : (wpaDetails.channel ? wpaDetails.channel : null); const bssid = network && network.length && network[0].bssid ? network[0].bssid : (wpaDetails.bssid ? wpaDetails.bssid : null); if (ssid && bssid) {