Address RVD#2401 #170
Merged
Address RVD#2401 #170
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Our team at @aliasrobotics identified and reported in RVD#2401 the use of unsafe yaml load (aliasrobotics/RVD#2401). After triaging the flaw we detected that it was exploitable and could lead to local (or remote, based on certain common user interaction) code execution. Specifically, the flaw itself is caused by an unsafe parsing of YAML values which happens whenever an action message is processed to be sent, and allows for the creation of Python objects. Through this flaw in ROS, an attacker could build a malicious payload and execute arbitrary code in Python. A PoC is available but have decided not to disclose it for now and until this is mitigated and debs are available. Peer-researched and coded with @ibaiape.
|
Ping @mjcarroll. Also a quick check (though I went fast and might've gotten it wrong for some) confirmed that this is applicable to previous ROS distros so this same patch needs to be applied to them. |
mjcarroll
approved these changes
Aug 21, 2020
mjcarroll
pushed a commit
that referenced
this pull request
Aug 21, 2020
Our team at @aliasrobotics identified and reported in RVD#2401 the use of unsafe yaml load (aliasrobotics/RVD#2401). After triaging the flaw we detected that it was exploitable and could lead to local (or remote, based on certain common user interaction) code execution. Specifically, the flaw itself is caused by an unsafe parsing of YAML values which happens whenever an action message is processed to be sent, and allows for the creation of Python objects. Through this flaw in ROS, an attacker could build a malicious payload and execute arbitrary code in Python. A PoC is available but have decided not to disclose it for now and until this is mitigated and debs are available. Peer-researched and coded with @ibaiape.
mjcarroll
added a commit
that referenced
this pull request
Aug 21, 2020
Our team at @aliasrobotics identified and reported in RVD#2401 the use of unsafe yaml load (aliasrobotics/RVD#2401). After triaging the flaw we detected that it was exploitable and could lead to local (or remote, based on certain common user interaction) code execution. Specifically, the flaw itself is caused by an unsafe parsing of YAML values which happens whenever an action message is processed to be sent, and allows for the creation of Python objects. Through this flaw in ROS, an attacker could build a malicious payload and execute arbitrary code in Python. A PoC is available but have decided not to disclose it for now and until this is mitigated and debs are available. Peer-researched and coded with @ibaiape. Co-authored-by: Víctor Mayoral Vilches <v.mayoralv@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Our team at @aliasrobotics identified and reported in RVD#2401 the use of
unsafe yaml load (aliasrobotics/RVD#2401).
After triaging the flaw we detected that it was exploitable and could lead to
local (or remote, based on certain common user interaction) code execution.
Specifically, the flaw itself is caused by an unsafe parsing of YAML values which
happens whenever an action message is processed to be sent, and allows for the
creation of Python objects. Through this flaw in ROS, an attacker could build a
malicious payload and execute arbitrary code in Python. A PoC is available but
have decided not to disclose it for now and until this is mitigated and debs are
available.
Peer-researched and coded with @ibaiape.