CVE-2016-10538
Arbitrary File Write vulnerability in cli (npm)
What is CVE-2016-10538 About?
This is an Arbitrary File Write vulnerability in affected versions of the `cli` package due to predictable temporary file names. Successful exploitation allows an attacker to write arbitrary data to any file accessible by the `cli` process, potentially leading to privilege escalation or system compromise, and is relatively easy to exploit via symbolic links.
Affected Software
Technical Details
The vulnerability arises because affected versions of the `cli` package use predictable temporary file names, specifically `/tmp/cli.app.pid` and `/tmp/cli.app.log`. An attacker can exploit this by creating symbolic links at these predictable locations in advance, pointing to arbitrary files that the `cli` process has write permission to. When the `cli` application then writes its temporary PID or log file, the data goes to the target of the symbolic link instead, so the attacker can cause writes to any file the process is able to write. This can overwrite critical system files or inject malicious code into configuration files.
What is the Impact of CVE-2016-10538?
Successful exploitation may allow attackers to write arbitrary data to files, leading to data corruption, denial of service, privilege escalation, or full system compromise.
What is the Exploitability of CVE-2016-10538?
Exploitation requires local access to the system where the cli process is running. The attacker must be able to create symbolic links in the /tmp/ directory. The complexity is low, as it primarily involves creating symbolic links before the cli process attempts to write to its temporary files. No authentication within the cli application itself is required, although local system access is a prerequisite. The attacker needs to ensure the cli process starts or performs a write operation after the symbolic links are in place. Risk factors include systems where multiple users have shell access and the cli application is used with vulnerable versions.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2016-10538?
Available Upgrade Options
- cli
  - <1.0.0 → Upgrade to 1.0.0
Additional Resources
- https://nvd.nist.gov/vuln/detail/CVE-2016-10538
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809252
- https://github.com/advisories/GHSA-6cpc-mj5c-m9rq
- https://nodesecurity.io/advisories/95
- https://github.com/node-js-libs/cli/issues/81
- https://osv.dev/vulnerability/GHSA-6cpc-mj5c-m9rq
- https://www.npmjs.com/advisories/95
What are Similar Vulnerabilities to CVE-2016-10538?
Similar Vulnerabilities: CVE-2017-5945, CVE-2019-10651, CVE-2016-10732, CVE-2018-1000005, CVE-2019-13042
