ps
Fixed in
1.0.0
CVE-2018-16460 describes a command injection vulnerability affecting the ps Node.js module. This flaw allows attackers to execute arbitrary commands on the system by manipulating the process ID (PID) parameter. The vulnerability impacts versions of ps before 1.0.0 and can be exploited to gain unauthorized access and control. A fix is available in version 1.0.0.
The impact of this vulnerability is severe. An attacker can inject arbitrary commands into the ps.lookup() function by crafting a malicious PID. This allows them to execute system commands with the privileges of the Node.js process, potentially leading to complete system compromise. Successful exploitation could result in data theft, malware installation, or denial of service. The proof-of-concept demonstrates the ease of exploitation, creating a file named 'success.txt' on the filesystem, highlighting the potential for more damaging commands.
This vulnerability was publicly disclosed on September 17, 2018. A proof-of-concept (PoC) was also released, demonstrating the ease of exploitation. While there's no confirmed active exploitation reported on KEV or EPSS, the availability of a simple PoC increases the risk of opportunistic attacks. The CVSS score of 9.8 reflects the critical severity and ease of exploitation.
Applications and systems using the ps Node.js module in their dependencies are at risk, particularly those that dynamically construct process IDs or do not properly sanitize user input used in the ps.lookup() function. Projects relying on outdated dependencies or those with weak input validation practices are especially vulnerable.
• nodejs / supply-chain:
Get-Process | Where-Object {$_.ProcessName -like '*node*'}
• nodejs / supply-chain:
Get-ChildItem -Path $env:NODE_PATH -Recurse -Filter 'ps*' | Select-Object FullName
• linux / server:
lsof -i -P | grep node
• linux / server:
ps aux | grep 'ps.lookup(' # Look for suspicious arguments
Exploit Status
EPSS
3.49% (88th percentile)
CVSS Vector
The primary mitigation is to upgrade the ps Node.js module to version 1.0.0 or later. If upgrading is not immediately feasible, consider implementing input validation on the PID parameter to prevent command injection. While a direct WAF rule is unlikely, a proxy could be configured to inspect the request for suspicious command patterns before forwarding it to the Node.js application. There are no specific Sigma or YARA rules readily available for this vulnerability, but monitoring for the creation of unexpected files (like 'success.txt' in the PoC) can be a useful indicator.
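One way to implement the PID input validation mentioned above, as an added example (not code from the ps project or from this advisory). `validatePid`, `guardedLookup`, `MAX_PID` and the stub lookup are hypothetical names, and the wrapper assumes `ps.lookup(query, callback)` takes `query.pid` as a number, string or array.

```javascript
'use strict';

// Assumed upper bound: Linux allows pid_max up to 2^22. Adjust per platform.
const MAX_PID = 4194304;

// Return the PID as a safe integer, or throw. Only plain decimal digits pass,
// so shell metacharacters, whitespace, signs and exponents are all rejected.
function validatePid(input) {
  if (typeof input === 'number') {
    if (!Number.isInteger(input)) throw new TypeError('PID must be an integer');
    input = String(input);
  }
  if (typeof input !== 'string' || !/^[0-9]{1,7}$/.test(input)) {
    throw new TypeError('PID must be 1 to 7 decimal digits');
  }
  const pid = Number(input);
  if (pid < 1 || pid > MAX_PID) throw new RangeError('PID out of range');
  return pid;
}

// Hypothetical wrapper: lookupFn stands in for ps.lookup and is injected so the
// example runs without the package. Only the validated pid is forwarded.
function guardedLookup(lookupFn, query, callback) {
  let pid;
  try {
    const raw = query.pid;
    if (Array.isArray(raw)) {
      if (raw.length === 0) throw new TypeError('empty PID list');
      pid = raw.map(validatePid);
    } else {
      pid = validatePid(raw);
    }
  } catch (err) {
    return callback(err); // lookupFn is never called with unvalidated input
  }
  return lookupFn({ pid }, callback);
}

// Constructed demo: a stub lookup and one clean plus one tainted value.
const stubLookup = (query, cb) => cb(null, [{ pid: query.pid }]);
for (const value of ['4021', '4021; echo x']) {
  guardedLookup(stubLookup, { pid: value }, (err, list) => {
    console.log(JSON.stringify(value), '->', err ? `rejected: ${err.message}` : list);
  });
}
```

Validation of this kind is a stopgap for callers that cannot yet move to 1.0.0; it does not replace the upgrade.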
No official patch available. Look for alternatives or monitor for updates.
CVE-2018-16460 is a critical command injection vulnerability in the ps Node.js module, allowing attackers to execute arbitrary commands by manipulating process IDs.
You are affected if you are using a version of the ps Node.js module prior to 1.0.0 and have not implemented proper input validation.
Upgrade the ps Node.js module to version 1.0.0 or later. If immediate upgrade is not possible, implement input validation on the PID parameter.
While there's no confirmed active exploitation, the availability of a simple proof-of-concept increases the risk of opportunistic attacks.
Refer to the npm advisory and the project's repository for more information: [https://snyk.io/vuln/SNYK-JS-PS-463378](https://snyk.io/vuln/SNYK-JS-PS-463378)