UAC Command Injection Vulnerability via Placeholder Substitution
Vulnerability
A command injection vulnerability has been identified in UAC (Unix-like Artifacts Collector) versions prior to 3.3.0-rc1. The vulnerability arises because the _run_command() function passes constructed command strings directly to eval without sanitizing them first. This flaw allows attackers to inject shell metacharacters or command substitutions through attacker-influenced inputs, such as %line% values from foreach iterators and %user% / %user_home% values derived from system files. Exploitation of this vulnerability could lead to arbitrary command execution with the privileges of the UAC process.
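The following is an added illustration, not UAC's own code, of the pattern the advisory describes: a command template whose placeholder is replaced by plain text substitution and then handed to eval, so metacharacters in the substituted value are re-parsed as shell syntax. It sits beside two hardened variants (quoting the value before substitution, and not using eval at all) and a strict allow-list check. Function names, the template syntax and the sample value are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not UAC source: placeholder substitution followed by eval,
# beside hardened forms. All names below are constructed for illustration.

PLACEHOLDER='%line%'

# substitute TEMPLATE VALUE: replace every %line% in TEMPLATE with VALUE.
# Pure text replacement in POSIX sh; VALUE is inserted verbatim.
substitute() {
  _tpl=$1 _val=$2 _out=''
  while [ "${_tpl#*"$PLACEHOLDER"}" != "$_tpl" ]; do
    _out="$_out${_tpl%%"$PLACEHOLDER"*}$_val"
    _tpl=${_tpl#*"$PLACEHOLDER"}
  done
  printf '%s' "$_out$_tpl"
}

# Vulnerable pattern: the substituted string is given back to the shell
# parser, so ';', '|', '$(...)' or backticks inside VALUE become syntax.
run_unsafe() {
  eval "$(substitute "$1" "$2")"
}

# shell_quote STRING: single-quote STRING, escaping embedded single quotes,
# so it is exactly one literal word when the shell re-parses it.
shell_quote() {
  printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Hardened (quoting): the value is quoted before it is substituted, so eval
# sees one argument rather than additional commands.
run_quoted() {
  eval "$(substitute "$1" "$(shell_quote "$2")")"
}

# Hardened (no eval): when the template only needs the value as an argument,
# call the command directly and pass the value as a positional parameter.
# $1 names a function standing in for the template, $2 is the value.
run_direct() {
  "$1" "$2"
}
echo_line() { echo "$1"; }

# Allow-list check for data that must never reach a shell parser: returns 0
# only when VALUE is made of a conservative set of characters (no spaces,
# quotes, operators or expansion characters), 1 otherwise.
is_plain_value() {
  case $1 in
    *[!A-Za-z0-9._/@:=+-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Constructed sample: one foreach line carrying a benign injected command.
SAMPLE='a; echo INJECTED'

printf 'unsafe : %s\n' "$(run_unsafe 'echo %line%' "$SAMPLE" | tr '\n' ' ')"
printf 'quoted : %s\n' "$(run_quoted 'echo %line%' "$SAMPLE")"
printf 'direct : %s\n' "$(run_direct echo_line "$SAMPLE")"
```

With the sample value, run_unsafe executes two commands and prints "a" and "INJECTED" on separate lines, while run_quoted and run_direct both print the value unchanged; is_plain_value rejects the sample and accepts a value such as user1. Of the two hardened forms, avoiding eval is the stronger fix, since the quoting approach still depends on every substitution site being quoted correctly.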
Impact
Exploitation of this vulnerability allows for arbitrary command execution with the privileges of the UAC process.
Reproduction
The vulnerability can be reproduced on UAC versions prior to 3.3.0-rc1 by injecting commands through the %line%, %user%, or %user_home% placeholders. This can be done by creating a foreach iterator whose values include shell metacharacters or command substitutions, or by supplying such values through the system files from which %user% and %user_home% are derived, provided those files are accessible to the UAC process.
Remediation
Users can upgrade to UAC version 3.3.0-rc1 or later, where this vulnerability has been fixed.
