Project

General

Profile

Actions

Bug #9061

closed

PowerD command parameter validation and escaping

Added by Jim Pingle almost 3 years ago. Updated over 2 years ago.

Status:
Resolved
Priority:
Urgent
Assignee:
Category:
Hardware / Drivers
Target version:
Start date:
10/23/2018
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
All
Affected Architecture:
All

Description

The powerd parameters powerd_ac_mode, powerd_battery_mode, and powerd_normal_mode are not validated against the list of expected mode strings in /usr/local/www/system_advanced_misc.php. They are also not escaped before use when invoking the powerd command inside activate_powerd() from /etc/inc/system.inc.

This can lead to an authenticated command injection for users with access to that page.

Actions #1

Updated by Jim Pingle almost 3 years ago

  • Status changed from Assigned to Feedback
  • % Done changed from 0 to 100
Actions #2

Updated by Anonymous over 2 years ago

Could recreate the behavior on 2.4.4. On 2.4.5.a.20181102.0213, could not reproduce the behavior, received


The following input errors were detected:

    Invalid Battery Power mode.

after modifying the value of Battery Power mode and clicking Save.

Actions #3

Updated by Anonymous over 2 years ago

  • Status changed from Feedback to Resolved
Actions #4

Updated by Jim Pingle over 2 years ago

  • Private changed from Yes to No
Actions

Also available in: Atom PDF