Bug #2359: (Remote)Code-Execution while reading yaml-file - Suricata-Update - Open Information Security Foundation

Actions

Copy link

Bug #2359

closed

(Remote)Code-Execution while reading yaml-file

Added by Wolfgang Hotwagner almost 7 years ago. Updated almost 7 years ago.

Status:

Closed

Priority:

Urgent

Assignee:

Wolfgang Hotwagner

Target version:

1.0.0b1

Affected Versions:

Effort:

Difficulty:

Label:

Description

The list of possible sources for suricata-update is downloaded from "https://www.openinfosecfoundation.org/rules/index.yaml" per default. Suricata-Update uses the insecure yaml.load()-function. Code will be executed if the yaml-file contains lines like:

hello: !!python/object/apply:os.system ['ls -l > /tmp/output']

The vulnerable function can be triggered by "suricata-update list-sources". The locally stored index.yaml will be loaded in this function and the malicious code gets executed.

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata » Suricata-Update

Bug #2359

(Remote)Code-Execution while reading yaml-file

Updated by Jason Ish almost 7 years ago

Updated by Jason Ish almost 7 years ago