ps
Fixed in
1.0.0
CVE-2018-16460 describes a command injection vulnerability affecting the ps Node.js module. This flaw allows attackers to execute arbitrary commands on the system by manipulating the process ID (PID) parameter. The vulnerability impacts versions of ps before 1.0.0 and can be exploited to gain unauthorized access and control. A fix is available in version 1.0.0.
The impact of this vulnerability is severe. An attacker can inject arbitrary commands into the ps.lookup() function by crafting a malicious PID. This allows them to execute system commands with the privileges of the Node.js process, potentially leading to complete system compromise. Successful exploitation could result in data theft, malware installation, or denial of service. The proof-of-concept demonstrates the ease of exploitation, creating a file named 'success.txt' on the filesystem, highlighting the potential for more damaging commands.
This vulnerability was publicly disclosed on September 17, 2018. A proof-of-concept (PoC) was also released, demonstrating the ease of exploitation. While there's no confirmed active exploitation reported on KEV or EPSS, the availability of a simple PoC increases the risk of opportunistic attacks. The CVSS score of 9.8 reflects the critical severity and ease of exploitation.
Applications and systems using the ps Node.js module in their dependencies are at risk, particularly those that dynamically construct process IDs or do not properly sanitize user input used in the ps.lookup() function. Projects relying on outdated dependencies or those with weak input validation practices are especially vulnerable.
• nodejs / supply-chain:
Get-Process | Where-Object {$_.ProcessName -like '*node*'}
• nodejs / supply-chain:
Get-ChildItem -Path $env:NODE_PATH -Recurse -Filter 'ps*' | Select-Object FullName
• linux / server:
lsof -i -P | grep node
• linux / server:
ps aux | grep 'ps.lookup(' # Look for suspicious arguments
Exploit Status
EPSS
3.49% (88th percentile)
CVSS vector
The primary mitigation is to upgrade the ps Node.js module to version 1.0.0 or later. If upgrading is not immediately feasible, consider implementing input validation on the PID parameter to prevent command injection. While a direct WAF rule is unlikely, a proxy could be configured to inspect the request for suspicious command patterns before forwarding it to the Node.js application. There are no specific Sigma or YARA rules readily available for this vulnerability, but monitoring for the creation of unexpected files (like 'success.txt' in the PoC) can be a useful indicator.
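One way to implement the PID input validation mentioned above, as an added example (not code from the ps project or from this advisory). It assumes the lookup call takes a query object with a pid field plus a callback; `normalizePid`, `safeLookup`, `lookupFn` and `MAX_PID` are hypothetical names.

```javascript
// Added example: strict PID validation in front of a process-lookup call.
// `lookupFn` stands in for the library call (assumed shape: lookup({ pid }, cb)).

// Assumption: Linux pid_max ceiling (2^22). Adjust for other platforms.
const MAX_PID = 4194304;

// Return a safe integer PID, or throw. Only a JS integer or a string of ASCII
// digits is accepted, so shell metacharacters, whitespace and newlines can
// never reach whatever builds the command line.
function normalizePid(value) {
  if (typeof value === 'number') {
    if (!Number.isInteger(value)) throw new TypeError('PID must be an integer');
  } else if (typeof value === 'string') {
    // Allow-list, not deny-list: 1 to 7 digits and nothing else.
    if (!/^[0-9]{1,7}$/.test(value)) throw new TypeError('PID must be 1-7 digits');
    value = Number(value);
  } else {
    // Arrays and objects are rejected: their string form can carry payloads.
    throw new TypeError('PID must be a number or a digit string');
  }
  if (value < 1 || value > MAX_PID) throw new RangeError('PID out of range');
  return value;
}

// Validate first, then call the lookup with a freshly built query object so
// that no other caller-supplied field is forwarded.
function safeLookup(lookupFn, untrustedPid, callback) {
  let pid;
  try {
    pid = normalizePid(untrustedPid);
  } catch (err) {
    callback(err);
    return false; // lookupFn was never invoked
  }
  lookupFn({ pid: pid }, callback);
  return true;
}
```

Validation of this kind is a stopgap for deployments that cannot upgrade yet; it does not replace moving to version 1.0.0 or later.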
No official patch available. Look for temporary workarounds or monitor for updates.
CVE-2018-16460 is a critical command injection vulnerability in the ps Node.js module, allowing attackers to execute arbitrary commands by manipulating process IDs.
You are affected if you are using a version of the ps Node.js module prior to 1.0.0 and have not implemented proper input validation.
Upgrade the ps Node.js module to version 1.0.0 or later. If immediate upgrade is not possible, implement input validation on the PID parameter.
While there's no confirmed active exploitation, the availability of a simple proof-of-concept increases the risk of opportunistic attacks.
Refer to the npm advisory and the project's repository for more information: [https://snyk.io/vuln/SNYK-JS-PS-463378](https://snyk.io/vuln/SNYK-JS-PS-463378)