Bug #14809

closed

``packet_capture.php`` uses ``count`` and ``length`` values in command execution without validation or encoding

Added by Jim Pingle about 1 year ago. Updated about 1 year ago.

Status: Resolved
Priority: Urgent
Assignee:
Category: Packet Capture
Target version:
Start date:
Due date:
% Done: 100%
Estimated time:
Plus Target Version: 23.09
Release Notes: Default
Affected Version:
Affected Architecture:

Description

The packet_capture.php page uses the values of count and length when executing tcpdump and it doesn't validate that these parameters are the intended type or encode them before use.

The form type is set to 'number' but that client-side validation does not prevent clients from submitting invalid data.

Due to a lack of escaping on commands in the functions being called, it is possible to execute arbitrary commands with a properly formatted submission value for $_POST['count'] or $_POST['length'].
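
One way to enforce the server-side check the description calls for, as an added example (this is not pfSense code and not the fix applied for this bug). The function names and the bounds on `count` are assumptions for illustration; `-c` and `-s` are tcpdump's packet-count and snapshot-length options.

```php
<?php
// Added example, not pfSense code. Function names and the count bounds are assumptions.
const MIN_COUNT   = 1;
const MAX_COUNT   = 1000000; // assumed upper bound on packets to capture
const MAX_SNAPLEN = 262144;  // tcpdump's maximum snapshot length

// Return the integer if $raw is a plain base-10 integer within range, else null.
function validate_int_param($raw, int $min, int $max): ?int
{
    if (!is_string($raw)) {
        return null; // arrays (count[]=1) and missing fields are rejected
    }
    $value = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return ($value === false) ? null : $value;
}

// Build the tcpdump option string from submitted form data, or collect errors.
function build_capture_options(array $post): array
{
    $errors = [];
    $count  = validate_int_param($post['count'] ?? null, MIN_COUNT, MAX_COUNT);
    $length = validate_int_param($post['length'] ?? null, 0, MAX_SNAPLEN);
    if ($count === null) {
        $errors[] = 'count must be an integer from ' . MIN_COUNT . ' to ' . MAX_COUNT;
    }
    if ($length === null) {
        $errors[] = 'length must be an integer from 0 to ' . MAX_SNAPLEN;
    }
    if ($errors) {
        return ['ok' => false, 'errors' => $errors, 'options' => null];
    }
    // Both values are now PHP ints. escapeshellarg() is kept as a second layer
    // so the command stays safe if the validation is loosened later.
    $options = '-c ' . escapeshellarg((string)$count)
             . ' -s ' . escapeshellarg((string)$length);
    return ['ok' => true, 'errors' => [], 'options' => $options];
}

// Constructed sample submissions (not taken from the bug report).
$samples = [
    ['count' => '100',   'length' => '1500'],
    ['count' => '10abc', 'length' => '1500'], // non-numeric suffix
    ['count' => '100',   'length' => '-1'],   // out of range
    ['count' => ['100'], 'length' => '1500'], // array instead of scalar
];
foreach ($samples as $post) {
    $r = build_capture_options($post);
    echo json_encode($post), ' => ', $r['ok'] ? $r['options'] : implode('; ', $r['errors']), PHP_EOL;
}
```

The check runs on the server regardless of the form's `number` input type, and only the validated integer, never the raw `$_POST` string, reaches the command line.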
