CVE-2017-16024
Information Disclosure vulnerability in sync-exec (npm)
What is CVE-2017-16024 About?
This vulnerability in `sync-exec` allows for information disclosure by using files in `/tmp/` to buffer command results. Low-privileged users can read sensitive command outputs from higher-privileged processes. This is relatively easy to exploit through local file access on the system.
Affected Software
Technical Details
Affected versions of the sync-exec package use temporary files located in the world-readable /tmp/ directory to store the buffered results of executed commands. When sync-exec is run by a high-privilege user, the output of the commands it executes is written to these temporary files. Due to the permissive access rights of /tmp/, a low-privilege local user can read the contents of these temporary files, thereby gaining unauthorized access to the command outputs, which may contain sensitive information.
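The pattern described above beside a hardened form, as an added example (this is not sync-exec's code and does not come from the advisory). The function names, file names and sample output are constructed for illustration; it assumes Node.js on a POSIX system with the common umask of 022.

```javascript
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// Weak pattern: the buffer file is created directly in the shared temp
// directory with default permissions (0666 masked by umask, usually 0644).
function bufferInsecure(output, dir = os.tmpdir()) {
  const file = path.join(dir, `buf-${process.pid}-${Date.now()}.out`);
  fs.writeFileSync(file, output);
  return file;
}

// Hardened pattern: mkdtemp creates a private 0700 directory, and the file
// inside it is created exclusively ('wx') with owner-only mode 0600.
function bufferPrivate(output, dir = os.tmpdir()) {
  const privateDir = fs.mkdtempSync(path.join(dir, 'buf-'));
  const file = path.join(privateDir, 'result.out');
  fs.writeFileSync(file, output, { mode: 0o600, flag: 'wx' });
  return file;
}

// True when the group or other read bit is set on the file.
function readableByOthers(file) {
  return (fs.statSync(file).mode & 0o044) !== 0;
}

function demo() {
  const previous = process.umask(0o022); // assumption: common default umask
  try {
    const output = 'constructed sample output: DB_PASSWORD=example\n';
    const weak = bufferInsecure(output);
    const strong = bufferPrivate(output);
    const result = {
      weakExposed: readableByOthers(weak),
      strongExposed: readableByOthers(strong),
      strongDirMode: fs.statSync(path.dirname(strong)).mode & 0o777,
    };
    // Clean up the files created for the demonstration.
    fs.unlinkSync(weak);
    fs.rmSync(path.dirname(strong), { recursive: true });
    return result;
  } finally {
    process.umask(previous);
  }
}

console.log(demo());
```

The same `readableByOthers` check can be pointed at files a privileged process leaves in `/tmp/` to audit whether buffered output is exposed.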
What is the Impact of CVE-2017-16024?
Successful exploitation may allow attackers to read sensitive data from command executions performed by higher-privileged users, potentially leading to further compromise of the system.
What is the Exploitability of CVE-2017-16024?
Exploitation requires local access to the affected system. It is of low complexity, as it involves simply reading files from a publicly accessible temporary directory. No authentication is needed to read from /tmp/ if permissions are default. The primary prerequisite is that sync-exec is run by a higher-privileged user, and a low-privileged user has local access to the system to read the temporary files. The risk is heightened in multi-user environments where privileged processes frequently use sync-exec.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2017-16024?
Available Upgrade Options
- No fixes available
Additional Resources
- https://nvd.nist.gov/vuln/detail/CVE-2017-16024
- https://cwe.mitre.org/data/definitions/377.html
- https://github.com/gvarsanyi/sync-exec/issues/17
- https://github.com/advisories/GHSA-38h8-x697-gh8q
- https://www.npmjs.com/advisories/310
- https://osv.dev/vulnerability/GHSA-38h8-x697-gh8q
- https://www.owasp.org/index.php/Insecure_Temporary_File
- https://nodesecurity.io/advisories/310
What are Similar Vulnerabilities to CVE-2017-16024?
Similar Vulnerabilities: CVE-2011-0421, CVE-2018-1000632, CVE-2019-1010184, CVE-2020-13757, CVE-2021-39276
