Published: 2024/02/07  Last Updated: 2024/02/07

JVN#44033918
Zeroshell vulnerable to OS command injection

Overview

The Zeroshell Linux distribution contains an OS command injection vulnerability.

Products Affected

  • Zeroshell 3.9.3 and earlier
The reporter verified this vulnerability on 3.9.3.
It is unknown whether the issue is fixed in later versions.
See also [JPCERT/CC Addendum] section below.

Description

The web interface of Zeroshell, a Linux distribution provided by Zeroshell.org, contains an OS command injection vulnerability (CWE-78).

Impact

Processing a crafted HTTP request may lead to arbitrary OS command execution.

Solution

Stop using the product
The developer states that the affected product is no longer being developed and reached end of support in 2021.
The developer recommends that users stop using the product.

Vendor Status

References

  1. The Exploit Database
    Zeroshell 3.6.0/3.7.0 Net Services - Remote Code Execution

JPCERT/CC Addendum

This vulnerability was reported in August 2020.
The Zeroshell project reached EOL in April 2021.
Communication with the developer was established in November 2023, and this JVN publication was agreed upon.

Vulnerability Analysis by JPCERT/CC

CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score: 9.8
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality Impact (C): High (H)
  • Integrity Impact (I): High (H)
  • Availability Impact (A): High (H)

CVSS v2 AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score: 7.5
  • Access Vector (AV): Network (N)
  • Access Complexity (AC): Low (L)
  • Authentication (Au): None (N)
  • Confidentiality Impact (C): Partial (P)
  • Integrity Impact (I): Partial (P)
  • Availability Impact (A): Partial (P)

Credit

Hirukawa Norihiko of MYT Consulting Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.

Other Information

  • CVE: CVE-2020-29390
  • JVN iPedia: JVNDB-2020-013805