logo

Database

Local file inclusion In picklescan

Description

Picklescan vulnerable to Arbitrary File Writing

Summary

Picklescan has got open() and shutil in its default dangerous blocklist to prevent arbitrary file overwrites. However the module distutils isnt blocked and can be used for the same purpose ie to write arbitrary files.

Details

This is another vulnerability which impacts the downstream user.

By constructing a pickle that user distutils.file_util.write_file, an attacker can overwrite critical system files (like .ssh/authorized_keys, web server configurations, or source code) to achieve DoS or escalate to RCE.

PoC

import pickle
import distutils.file_util

class FileWriteBypass:
    def __reduce__(self):
        
        target_file = "pwned_config.env"
        content = ["print('I have overwritten your config')"]...
image

To fix this just add disutil to the blacklist

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. GHSA-m273-6v24-x4m42. GCVE-GHSA-m273-6v24-x4m4

References

1. https://github.com/mmaitre314/picklescan/security/advisories/GHSA-m273-6v24-x4m42. https://github.com/mmaitre314/picklescan/pull/533. https://github.com/mmaitre314/picklescan/commit/70c1c6c31beb6baaf52c8db1b6c3c0e84a6f9dab4. https://github.com/mmaitre314/picklescan/releases/tag/v0.0.33

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.