Researchers have identified a 15-year-old vulnerability in a Python module and found that hundreds of thousands of repositories are exposed to it.
Trellix's Advanced Research Center uncovered the vulnerability in Python's tarfile module, the team revealed yesterday. At first, the centre thought it had found a new zero-day vulnerability, but then realised it was CVE-2007-4559, a vulnerability first disclosed in 2007.
The vulnerability is a path traversal attack in the extract and extractall functions of the tarfile module that lets an attacker overwrite arbitrary files by adding the “..” sequence to filenames in a TAR archive.
Tar files are a collection of multiple files together with metadata that is then used to unarchive the tar file. The metadata in a tar archive can include information on each file's name, size, owner, and when it was archived.
Attackers simply need to add “..” followed by the operating system's path separator, either “/” or “\”, to a filename to escape the directory the file is meant to be extracted to. The tarfile module also lets users add a filter that can be used to parse and modify a file's metadata before it is added to the tar archive. This lets attackers write their exploits with as little as six lines of code.
Through its research, Trellix found that hundreds of thousands of repositories were exposed to the vulnerability.
“While the vulnerability was originally only marked as a 6.8, we were able to verify that in most cases an attacker can gain code execution from the file write,” the centre wrote.
Trellix added that the vulnerability is very easy to exploit, requiring little to no knowledge of complex security topics. It added that it is patching as many open-source repositories as possible, as well as offering a way to scan closed-source repositories.
Another Python vulnerability was found in May this year, but in one of its popular open-source packages. Two open-source packages, Python's CTX and PHP's phpass, were found to be compromised, which led to developers trying to understand their exposure to the vulnerability. Around 3 million users were expected to be affected by the compromise, with one business already reporting that it had been affected.