
Bug 521344 (CVE-2014-0485)

Summary: <sys-fs/s3ql-{1.19,2.11}: Possible remote code execution (CVE-2014-0485)
Product: Gentoo Security
Reporter: Kristian Fiskerstrand (RETIRED) <k_f>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: radhermit
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://seclists.org/oss-sec/2014/q3/461
Whiteboard: ~2 [noglsa]
Package list:
Runtime testing required: ---

Description Kristian Fiskerstrand (RETIRED) gentoo-dev 2014-08-28 09:01:36 UTC
From ${URL}:
Nikolaus Rath discovered a vulnerability in s3ql which can result in
remote code execution, caused by the unsafe use of Python's pickle
serialization library.

The upstream commit is here:

  <https://bitbucket.org/nikratio/s3ql/commits/091ac263809b4e8>

(This issue was reported privately to Debian, the distros list was
notified, and this is the public heads-up required by list policy.)


###

From: https://bitbucket.org/nikratio/s3ql/commits/091ac263809b4e8 : 

SECURITY UPDATE for CVE-2014-0485: Do not blindly unpickle untrusted data.

The pickle protocol allows an attacker to execute arbitrary code by
providing an appropriately crafted pickle stream. To fix this vulnerability,
we prohibit the Unpickler from accessing any globals. This means that only
Python objects constructed from dict, list, tuple, str, unicode, int, float,
complex, bool and None can be unpickled. Luckily, this is enough to
reconstruct the kind of data stored by S3QL.

Note that a pickle stream is still able to trigger code execution. However,
code execution is limited to calling the __call__, __new__ and __init__ methods
on instances of the above types (cf. http://hg.python.org/cpython/file/3.4/Lib/pickletools.py).
There is no way to access object attributes, so obtaining access to more
dangerous objects along the lines of http://nedbatchelder.com/blog/201302/finding_python_3_builtins.html
is not possible. While the pickle protocol may change in the future,
Python 2.x is not going to add support for newer pickle protocols.
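The commit message above describes the fix: subclass pickle.Unpickler and refuse every find_class() lookup, so a stream can still build dicts, lists, strings and numbers but can no longer name a callable to invoke. The following is an added example of that pattern written for this page; it is not s3ql's own code, and the sample record, the Payload class and the function names are made up for illustration. It uses os.getcwd as a harmless stand-in for the os.system or subprocess call an attacker would really embed, so the unrestricted path can be run safely beside the restricted one, and it adds a pickletools scan of the opcodes that can resolve or call a name, which is useful as a pre-check or as a detection rule over stored objects.

```python
import io
import os
import pickle
import pickletools


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses to resolve any global.

    A pickle stream names callables with GLOBAL/STACK_GLOBAL opcodes and
    invokes them with REDUCE (NEWOBJ, INST, OBJ and BUILD do similar work).
    Every such name lookup goes through find_class(); refusing it leaves only
    the opcodes that build plain literals and containers.
    """

    def find_class(self, module, name):
        raise pickle.UnpicklingError(
            "global '%s.%s' is forbidden" % (module, name))


def safe_loads(data):
    """Deserialise untrusted pickle data without resolving any global."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


# Opcodes that resolve a name or call something.  Scanning for them is a
# cheap pre-check or detection rule; find_class() remains the enforcement.
_CODE_OPCODES = {"GLOBAL", "STACK_GLOBAL", "INST", "OBJ", "NEWOBJ",
                 "NEWOBJ_EX", "REDUCE", "BUILD"}


def references_globals(data):
    """True if the stream contains an opcode that could resolve or call a name."""
    return any(op.name in _CODE_OPCODES
               for op, _arg, _pos in pickletools.genops(data))


# Constructed sample: the kind of plain-container record a store might keep.
SAMPLE = {"inode": 42, "blocks": [1, 2, 3], "name": "file.txt",
          "size": 1.5, "flags": (True, None)}


def benign_pickle():
    return pickle.dumps(SAMPLE)


class Payload:
    """Stand-in for an attacker-crafted object (hypothetical).

    __reduce__ makes pickle emit "call os.getcwd()" into the stream.  A real
    attacker would name os.system or subprocess.Popen instead; os.getcwd is
    used so that the unrestricted path can be exercised harmlessly.
    """

    def __reduce__(self):
        return (os.getcwd, ())


def malicious_pickle():
    return pickle.dumps(Payload())


def demo():
    """Return (callable_ran_unrestricted, blocked_restricted, roundtrip_ok)."""
    roundtrip_ok = safe_loads(benign_pickle()) == SAMPLE

    evil = malicious_pickle()
    # Plain pickle.loads resolves the global and calls it: attacker code runs.
    ran = pickle.loads(evil) == os.getcwd()
    # The restricted loader fails at the name lookup, before anything is called.
    try:
        safe_loads(evil)
        blocked = False
    except pickle.UnpicklingError:
        blocked = True
    return ran, blocked, roundtrip_ok


if __name__ == "__main__":
    print("unrestricted ran callable, restricted blocked, sample round-trips:",
          demo())
    print("opcode scan flags payload:", references_globals(malicious_pickle()),
          "flags sample:", references_globals(benign_pickle()))
```

This find_class() refuses every global, including the reference to builtins.complex that pickle emits for a complex number; if stored data contains values of that kind, whitelist those specific module/name pairs inside find_class() rather than reopening globals generally. The opcode scan is deliberately coarse: a stream that merely contains REDUCE without a preceding global cannot reach anything dangerous, but flagging it costs nothing and keeps the rule simple.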
Comment 1 Tim Harder gentoo-dev 2014-08-28 14:17:45 UTC
Fixed versions are now in the tree.
Comment 2 Kristian Fiskerstrand (RETIRED) gentoo-dev 2014-08-28 14:54:47 UTC
Thanks for swift response and cleanup. No stable versions, closing bug noglsa.