CWE-426: Untrusted Search Path
Learn about CWE-426 (Untrusted Search Path), its security impact, exploitation methods, and prevention guidelines.
What is Untrusted Search Path?
• Overview: Untrusted Search Path (CWE-426) occurs when a software program uses a search path to locate critical resources, like executables or libraries, and that path can be influenced or controlled externally, allowing potential redirection to malicious resources.
• Exploitation Methods:
- Attackers can manipulate environment variables (e.g., PATH, LD_PRELOAD) to direct the software to execute malicious programs or libraries.
- Common attack patterns include placing malicious files in directories that are searched before the legitimate resource locations.
• Security Impact:
- Direct consequences include the execution of unauthorized or malicious code.
- Potential cascading effects include unauthorized data access, data corruption, and unauthorized configuration changes.
- Business impact can include loss of data integrity, system downtime, and damage to company reputation.
• Prevention Guidelines:
- Use absolute paths to critical resources instead of relying on search paths.
- Validate and sanitize environment variables and other inputs that affect resource location.
- Employ code-signing and verification techniques to ensure the integrity of loaded executables and libraries.
- Utilize security tools and frameworks that provide secure path handling and resource loading mechanisms.
Technical Details
Likelihood of Exploit:
Affected Languages: Not Language-Specific
Affected Technologies: Not specified
Vulnerable Code Example
const { exec } = require('child_process');

function executeCommand() {
  // Vulnerable code: exec runs the command through a shell, which resolves the bare name via PATH.
  // If an attacker controls the PATH environment variable, they can inject malicious scripts by placing them earlier in the PATH.
  exec('my_script.sh', (error, stdout, stderr) => {
    if (error) {
      console.error(`Error: ${error.message}`);
      return;
    }
    console.log(`Output: ${stdout}`);
  });
}

executeCommand();
How to fix Untrusted Search Path?
To mitigate the Untrusted Search Path issue in JavaScript, always specify the full path for any scripts or executables that are invoked. This prevents potential exploitation through manipulated environment variables that could redirect to malicious scripts. Additionally, consider using execFile over exec, as it does not invoke a shell and reduces the risk of shell injection vulnerabilities.
Fixed Code Example
const { execFile } = require('child_process');

function executeCommand() {
  // Fixed code: Specify the full path to the script to avoid executing malicious scripts.
  // Use execFile for improved security as it does not invoke a shell, reducing the risk of shell injection.
  execFile('/usr/local/bin/my_script.sh', (error, stdout, stderr) => {
    if (error) {
      console.error(`Error: ${error.message}`);
      return;
    }
    console.log(`Output: ${stdout}`);
  });
}

executeCommand();
These examples demonstrate the importance of specifying absolute paths to executables and using safer alternatives to shell-based command execution to protect against untrusted search path vulnerabilities. By doing so, you ensure that only the intended scripts are executed, and you minimize the risk of executing potentially malicious code.