This advisory describes a command execution vulnerability in Shadowsocks-libev's ss-manager component, where malicious commands can be injected via the 'method' parameter in JSON configuration files or UDP requests. The vulnerability arises from improper handling of user-supplied input in the 'construct_command_line' function, leading to arbitrary command execution.
Classification
Writeup 100%
Target:
Shadowsocks-libev 3.1.0
No auth needed
Prerequisites:
Access to UDP port 8839 on 127.0.0.1 or ability to modify configuration files