*** This bug is a security vulnerability *** Olivier Dony (OpenERP) (odo) has assigned this bug to you for 5.0:
It's possible to execute arbitrary code on the client using net-rpc (pickle protocol), see http://nadiana.com/python-pickle-insecure

If you use the client to connect to some demo server and this demo server is malicious, it can send malicious code which is executed on the client side. I attach an exploit server that sends code to execute to the client. It runs a ls -l and redirects the output to the proof_of_exploit.txt file.

This bug was fixed in the server, but not in the client.

Affects versions 4.2, 5.X and 6.X

** Affects: openobject-client
   Importance: Critical
   Assignee: Stephane Wirtel (OpenERP) (stephane-openerp)
   Status: Confirmed

** Affects: openobject-client/5.0
   Importance: Critical
   Assignee: Stephane Wirtel (OpenERP) (stephane-openerp)
   Status: Confirmed

** Affects: openobject-client-web
   Importance: Critical
   Assignee: OpenERP SA's Web Client R&D (openerp-dev-web)
   Status: Confirmed

** Affects: openobject-client-web/5.0
   Importance: Critical
   Assignee: Stephane Wirtel (OpenERP) (stephane-openerp)
   Status: Confirmed

** Tags: maintenance pickle security

--
NET-RPC client-side stack should sanitize pickled data
https://bugs.launchpad.net/bugs/671926
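The title of the bug asks the client-side NET-RPC stack to sanitize pickled data. The example below, added here and not taken from the OpenERP client or the bug's attachment, shows the standard defensive pattern for that: a pickle.Unpickler subclass whose find_class() rejects every global name not on an allow-list, so the GLOBAL/REDUCE opcodes that a hostile server would rely on fail before any callable is resolved. The allow-list (SAFE_GLOBALS), the function names and the sample RPC reply are all assumptions made for the example; the "hostile" test object reduces to a call of the harmless os.getcwd() so the check can be exercised without running anything of consequence.

```python
"""Restricted unpickling for an RPC client (added example, not OpenERP code)."""
import builtins
import io
import os
import pickle

# Assumption for this example: a NET-RPC reply consists only of plain Python
# containers and scalars. These are the only global lookups the protocol
# needs (older pickle protocols emit them for set/frozenset/bytearray).
SAFE_GLOBALS = {
    ("builtins", "set"),
    ("builtins", "frozenset"),
    ("builtins", "bytearray"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global lookup not on the allow-list.

    pickle resolves arbitrary callables through find_class() when it meets a
    GLOBAL or STACK_GLOBAL opcode; raising here stops a malicious payload
    before the REDUCE opcode can invoke anything.
    """

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return getattr(builtins, name)
        raise pickle.UnpicklingError(
            f"refused global {module}.{name} in RPC payload")


def safe_loads(data: bytes):
    """Drop-in replacement for pickle.loads on data received from the network."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


class _ReduceProbe:
    """Constructed test object: pickles to a call of os.getcwd() (harmless).

    The wire format is the same one an attacker would use with a dangerous
    callable, so it is a fair test of the allow-list.
    """

    def __reduce__(self):
        return (os.getcwd, ())


def classify_payload(data: bytes):
    """Return ('ok', obj) for plain data, ('rejected', reason) otherwise."""
    try:
        return ("ok", safe_loads(data))
    except pickle.UnpicklingError as exc:
        return ("rejected", str(exc))


def demo():
    """Run the check over a constructed benign reply and a constructed probe."""
    benign = pickle.dumps({"res_id": 42, "name": "partner", "tags": {1, 2}})
    hostile = pickle.dumps(_ReduceProbe())
    return classify_payload(benign), classify_payload(hostile)


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

Rejecting in find_class() is the right layer because it is the single choke point for name resolution; an allow-list keyed on (module, name) is far easier to audit than a deny-list of known-dangerous callables. In a client that is pinned to a known server API, narrowing the set further (or replacing pickle with a data-only encoding such as JSON) removes the class of issue entirely.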

