Message-ID: <q-vZoUZJXBdU3N-3PmcHqU_RaqNheAIN8suHpqLGQLIlIkhQ74pM02V-d40mdOnnJu61gOCjsqCYCXgvii4uOWkA1d--MbiVBzN00yImpS0=@protonmail.com>
Date: Fri, 07 Mar 2025 16:54:02 +0000
From: areca-palm via Fulldisclosure <fulldisclosure@...lists.org>
To: "fulldisclosure@...lists.org" <fulldisclosure@...lists.org>
Subject: [FD] Multiple sandbox escapes in asteval python sandboxing module

[CVE pending]

Sandboxing Python is notoriously difficult, and the Python module "asteval" is no exception. Compounding this, a large set of numpy functions is exposed within the sandbox by default.
Versions <=1.06 are vulnerable.
This vulnerability has been disclosed to the maintainer, who closed the security advisory and has since pushed his own fix to master. A CVE is still pending. Publishing the vulnerability through this list will hopefully inform users who are running vulnerable versions.

========================================================================
Summary
========================================================================
An attacker who can pass input to the `asteval` library, when this is used with `numpy` functions in the symbol table (the default setting), can bypass restrictions and execute arbitrary code as the user who ran the python process.

========================================================================
Details
========================================================================
`numpy.ndarray` has an attribute `ctypes` (https://numpy.org/doc/stable/reference/generated/numpy.ndarray.ctypes.html#numpy.ndarray.ctypes).
This object is intended to support interfacing with the `ctypes` module. It has an undocumented attribute `_ctypes` that is a reference to the `ctypes` module itself, which exposes direct memory read/write primitives and interfaces to C libraries.

This attribute is not filtered by asteval's attribute-access filter, `safe_getattr`.

`asteval` adds a set of `numpy` functions to its symbol table by default (`use_numpy=True`), see: https://github.com/lmfit/asteval/blob/40c31962bbdfe1012aacca1892a8d9263a67258e/asteval/astutils.py#L506
The set of numpy functions that are added: https://github.com/lmfit/asteval/blob/40c31962bbdfe1012aacca1892a8d9263a67258e/asteval/astutils.py#L111-L157

Any of these numpy functions that hands the user a reference to a `numpy.ndarray` instance exposes a path to `ctypes`.
The most trivial of these is `numpy.array`, but because this datatype is a cornerstone of the `numpy` library there are abundant paths to a `numpy.ndarray`, to the point where removing all of them from `asteval` would defeat the purpose of including the `numpy` module in the first place.

========================================================================
POC
========================================================================
```python
array([]).ctypes._ctypes.CDLL('libc.so.6').system(b"whoami")
```
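A defense-in-depth pre-check that a deployment embedding asteval could run on untrusted input before evaluating it, added here as an example and not code from the advisory or from the asteval project: it parses the expression with the standard-library `ast` module and refuses any attribute access to `ctypes` or to a leading-underscore name, which covers the path described above no matter which numpy function produced the ndarray. The function names and the denylist are assumptions of this example; upgrading past the affected versions remains the actual fix.

```python
import ast

# Attribute names this pre-check refuses. "ctypes" is the ndarray attribute
# the advisory describes; leading-underscore names cover "_ctypes" and the
# dunder attributes. This denylist is an assumption of the example, not
# asteval's own configuration.
BLOCKED_ATTRS = {"ctypes"}


def is_blocked_attr(name: str) -> bool:
    """True if sandboxed code must not be allowed to reach this attribute."""
    return name in BLOCKED_ATTRS or name.startswith("_")


def find_blocked_attrs(expr: str) -> list:
    """Return the sorted set of blocked attribute names referenced in `expr`.

    The input is only parsed, never evaluated, so it is safe to call on
    untrusted text. Unparseable input is reported as a block on the whole
    input. Attributes reached dynamically by name string (getattr-style
    helpers) are invisible to this check, so any extra symbols a deployment
    adds to the symbol table still need review.
    """
    try:
        tree = ast.parse(expr, mode="exec")  # asteval accepts statements too
    except SyntaxError:
        return ["<unparseable input>"]
    found = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Attribute) and is_blocked_attr(node.attr):
            found.add(node.attr)
    return sorted(found)


def evaluate_guarded(expr: str, evaluator):
    """Call `evaluator(expr)` (e.g. an asteval Interpreter instance) only if
    the pre-check finds nothing; otherwise raise PermissionError."""
    hits = find_blocked_attrs(expr)
    if hits:
        raise PermissionError(f"refusing to evaluate: attribute(s) {hits}")
    return evaluator(expr)


if __name__ == "__main__":
    # Constructed inputs: the shape of the advisory's PoC, and a benign numpy use.
    poc = 'array([]).ctypes._ctypes.CDLL("libc.so.6").system(b"whoami")'
    benign = "array([1, 2, 3]).sum() + 1"
    print(find_blocked_attrs(poc))     # ['_ctypes', 'ctypes']
    print(find_blocked_attrs(benign))  # []
```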

========================================================================
Hashes of further zero-days in asteval
========================================================================
Here is a set of sha256sum hashes of a series of as-yet-unpublished vulnerabilities that affect the latest version of asteval:
53af0c5634bbb95889163acedf139d847ff381561a4c908e9c3dc7fc04c4fae6
256eaf6b9825d4126d6b7247f6146fd44f0d54e4bf2238aedf05297cfb1b50c6
6c8d0e0b8909bca2f20547c91ab81a7ba6cb59b0ab7d71454e651e09196f4983

========================================================================
Discoverer
========================================================================
Ward Theunisse

========================================================================
History
========================================================================
Jan 31, 2025: Informed lmfit of vulnerability through github security advisories
Feb 20, 2025: Security advisory closed by lmfit
Feb 21, 2025: Fix published by lmfit
Mar 7, 2025: Public disclosure of vulnerability
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/