Unauthenticated users can execute arbitrary code as root

[rara1234]

I think i've found a way for an unauthenticated user execute any arbitrary code as root (including modifying system files, change or reset permissions etc.). Is this the correct place to detail this? Does limetech have a bug bounty program?

[limetech]

I think i've found a way for an unauthenticated user execute any arbitrary code as root (including modifying system files, change or reset permissions etc.). Is this the correct place to detail this? Does limetech have a bug bounty program?

 

Yes we have a 'todo' item to close this loophole (if it's what I think you found).  Please send me an email: [email protected]

 

We don't have a 'bounty' system in place but we have talked about implementing this for features - if we did it for bugs we'd probably go broke in a week 

[rara1234]

shame 

 

i've sent you a note, Tom.

[CHBMB]

I think i've found a way for an unauthenticated user execute any arbitrary code as root (including modifying system files, change or reset permissions etc.). Is this the correct place to detail this? Does limetech have a bug bounty program?

 

Yes we have a 'todo' item to close this loophole (if it's what I think you found).  Please send me an email: [email protected]

 

We don't have a 'bounty' system in place but we have talked about implementing this for features - if we did it for bugs we'd probably go broke in a week 

 

So has this been closed then Tom?

[limetech]

Should be...

[CHBMB]

Should be...

 

Good to know.. Thanks

[NAS]

Are we going to disclose the details of this? Thats the typical conclusion to this type of report.

[BRiT]

One could simply issue a http post or http get to emhttp and execute arbitrary code. If you look at the thread Important Update for Plugin Authors for Unraid 6.1 it contains the details needed. I think it was in the Update page.

 

The solution was to go with a jailed-like environment so only commands under emhttp root are able to be executed.