** Changed in: openobject-client-web
Milestone: 6.0-rc2 => 6.0.2
** Changed in: openobject-client-web
Assignee: Stephane Wirtel (OpenERP) (stephane-openerp) => OpenERP SA's Web Client R&D (openerp-dev-web)
** Changed in: openobject-client
Milestone: 6.0-rc2 => 6.0.2
** Changed in: openobject-client
Assignee: Stephane Wirtel (OpenERP) (stephane-openerp) => OpenERP sa GTK client R&D (openerp-dev-gtk)
--
You received this bug notification because you are a member of OpenERP SA's Web Client R&D, which is a bug assignee.
https://bugs.launchpad.net/bugs/671926
Title:
NET-RPC client-side stack should sanitize pickled data
Status in OpenERP GTK Client:
Confirmed
Status in OpenERP GTK Client 5.0 series:
Confirmed
Status in OpenERP Web Client:
Confirmed
Status in OpenERP Web Client 5.0 series:
Confirmed
Bug description:
It's possible to execute arbitrary code on the client using net-rpc (pickle protocol); see http://nadiana.com/python-pickle-insecure
If you use the client to connect to some demo server and this demo server is malicious, it can send malicious code which is executed on the client side.
I attach an exploit server which sends code to execute to the client. It runs an ls -l and redirects the output to the proof_of_exploit.txt file.
This bug was fixed in the server, but not in the client.
Affects versions 4.2, 5.X and 6.X
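The sanitization the bug title asks for is what a restricting unpickler gives the client: globals are resolved through an allow-list, so a reply from a hostile server is refused before anything in it can run. This is an added example, not code from the OpenERP client; it assumes the client already holds the raw pickle bytes of one reply (NET-RPC framing is not reproduced) and that legitimate replies contain only plain containers and scalars.

```python
import io
import os
import pickle

# Allow-list of (module, name) globals a NET-RPC reply may legitimately need.
# Plain scalars, lists, tuples, dicts and bytes use dedicated opcodes and never
# go through find_class; only the few container types below do (protocol <= 3).
SAFE_GLOBALS = {
    ("builtins", "set"),
    ("builtins", "frozenset"),
    ("builtins", "bytearray"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses to resolve any global outside SAFE_GLOBALS.

    Code execution through pickle always needs a GLOBAL/STACK_GLOBAL lookup
    (os.system, subprocess.Popen, builtins.eval, ...), so rejecting unknown
    names here stops the payload before its __reduce__ callable is invoked.
    """

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(
            f"refusing to load global {module}.{name} from NET-RPC data")


def safe_loads(data: bytes):
    """Decode one pickled NET-RPC payload with the restricted unpickler."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def decode_rpc_reply(data: bytes):
    """Return (True, value) for an accepted reply, (False, reason) otherwise,
    so the caller can log or alert on rejected frames instead of crashing."""
    try:
        return True, safe_loads(data)
    except pickle.UnpicklingError as exc:
        return False, str(exc)


# Constructed sample payloads (not captured from a real OpenERP server).
BENIGN_REPLY = pickle.dumps({"ids": [1, 2], "name": "demo"}, protocol=2)
# A reply that merely *references* os.system via a GLOBAL opcode; nothing is
# attached to call it, which is enough to show the lookup itself is refused.
HOSTILE_REPLY = pickle.dumps(os.system, protocol=2)
```

With the allow-list in place the benign reply decodes to the original dict, while the hostile one is rejected with an UnpicklingError naming the refused global.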
_______________________________________________
Mailing list: https://launchpad.net/~openerp-dev-web
Post to : [email protected]
Unsubscribe : https://launchpad.net/~openerp-dev-web
More help : https://help.launchpad.net/ListHelp