rara1234 Posted July 19, 2015 Share Posted July 19, 2015 I think i've found a way for an unauthenticated user execute any arbitrary code as root (including modifying system files, change or reset permissions etc.). Is this the correct place to detail this? Does limetech have a bug bounty program? Quote Link to comment
limetech Posted July 19, 2015 Share Posted July 19, 2015 I think i've found a way for an unauthenticated user execute any arbitrary code as root (including modifying system files, change or reset permissions etc.). Is this the correct place to detail this? Does limetech have a bug bounty program? Yes we have a 'todo' item to close this loophole (if it's what I think you found). Please send me an email: [email protected] We don't have a 'bounty' system in place but we have talked about implementing this for features - if we did it for bugs we'd probably go broke in a week Quote Link to comment
rara1234 Posted July 19, 2015 Author Share Posted July 19, 2015 shame i've sent you a note, Tom. Quote Link to comment
CHBMB Posted September 1, 2015 Share Posted September 1, 2015 I think i've found a way for an unauthenticated user execute any arbitrary code as root (including modifying system files, change or reset permissions etc.). Is this the correct place to detail this? Does limetech have a bug bounty program? Yes we have a 'todo' item to close this loophole (if it's what I think you found). Please send me an email: [email protected] We don't have a 'bounty' system in place but we have talked about implementing this for features - if we did it for bugs we'd probably go broke in a week So has this been closed then Tom? Quote Link to comment
CHBMB Posted September 1, 2015 Share Posted September 1, 2015 Should be... Good to know.. Thanks Quote Link to comment
NAS Posted September 2, 2015 Share Posted September 2, 2015 Are we going to disclose the details of this? Thats the typical conclusion to this type of report. Quote Link to comment
BRiT Posted September 2, 2015 Share Posted September 2, 2015 One could simply issue a http post or http get to emhttp and execute arbitrary code. If you look at the thread Important Update for Plugin Authors for Unraid 6.1 it contains the details needed. I think it was in the Update page. The solution was to go with a jailed-like environment so only commands under emhttp root are able to be executed. Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.