Missing input sanitization in parallel configuration file
Input read from the parallel configuration file, specifically from the UserName
, ComputerName
, and RemoteDirectory
fields, is passed directly to a system
call without any sanitization.
Command injection example with the UserName
field:
[cluster]
Name = LocalProfile1
Members = n1
[node]
Name = n1
ComputerName = 192.168.1.62
CPUnbr = 8
NumberOfThreadsPerJob = 1
OperatingSystem = unix
RemoteDirectory = test
UserName = & ping 127.0.0.1 &
Password = test
Intigriti submission reference: DYNARE-4CN0UV5J