CVE-2015-20107 PoC — Python 命令注入漏洞

Source

https://github.com/codeskipper/python-patrol

Associated Vulnerability

Title:Python 命令注入漏洞 (CVE-2015-20107)
Description:Python是Python基金会的一套开源的、面向对象的程序设计语言。该语言具有可扩展、支持模块和包、支持多种平台等特点。 Python 3.10.4 版本及之前版本存在命令注入漏洞，该漏洞源于 mailcap 模块不会将转义字符添加到系统 mailcap 文件中发现的命令中。

Description

Scan for python installations on macOS, and run CVE-2015-20107.py script to report if patching is needed

Readme

# Python Patrol
Scan for python installations on macOS, and run CVE-2015-20107.py script to report if patching is needed

Several of these scripts need Full Disk Access permissions and must be run as root so it can scan the entire macOS filesystem (except the areas restricted by macOS)

Make sure to run this from an app with Full Disk Access permission - i.e. ensure iTerm.app has
Full Disk Access enabled in Apple System Settings, Security & Privacy Privacy & Security.

---

## How to use
Clone this repo

cd into the cloned repo directory

run
```
sudo ./python-patrol.zsh
```

---

## Example output:
```
...
lrwxr-xr-x  1 root  wheel  9 Apr 24 13:46 /Library/Developer/CommandLineTools/Library/Frameworks/Python3.framework/Versions/3.9/bin/python3 -> python3.9
=====CVE-2015-20107.py START=====
python_path:/Library/Developer/CommandLineTools/Library/Frameworks/Python3.framework/Versions/3.9/bin/python3 python_version:3.9.6
Warning encountered trying to use unquoted mailcap path: Refusing to use mailcap with filename "'$(xterm);#.txt". Use a safe temporary filename.
CVE-2015-20107 patched OK, exiting without error.
=====CVE-2015-20107.py STOP=====


lrwxrwxr-x  1 root  admin  9 Apr 26 13:59 /Library/Frameworks/Python.framework/Versions/3.9/bin/python3 -> python3.9
=====CVE-2015-20107.py START=====
python_path:/Library/Frameworks/Python.framework/Versions/3.9/bin/python3 python_version:3.9.11
No warning or error encountered importing unquoted mailcap path...!
CVE-2015-20107 NOT patched, PLEASE UPDATE OR UNINSTALL THIS PYTHON VERSION!
=====CVE-2015-20107.py STOP=====
...
```


## uninstall outdated versions installed from python.org packages
for instance, uninstall the discovered, outdated and vulnerable version 3.9.11 as follows
```
sudo ./uninstall_python.org_pkg.zsh 3.9
```

File Snapshot


 [4.0K]  /data/pocs/185f1e98b80dd3f344339c1b26ef5acc296894df
├── [1.4K]  CVE-2015-20107.py
├── [1.8K]  python-patrol.zsh
├── [1.8K]  README.md
└── [1.9K]  uninstall_python.org_pkg.zsh

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!