Iman Sharafodin added the comment:
@serhiy.storchaka Thank you. Please find it here
https://bugs.python.org/issue41288 .
--
___
Python tracker
<https://bugs.python.org/issue41
New submission from Iman Sharafodin:
The following code generates a segfault on the Pickle module [it's a crafted
datetime object] (Python 3.10.0a0 (heads/master:b40e434, Jul 4 2020), Python
3.6.11 and Python 3.7.2):
import io
import pickle
hex_s
Iman Sharafodin added the comment:
@serhiy.storchaka you name it, you have it. The following code generates a
segfault on the Pickle module [it's a crafted datetime object] (Python 3.10.0a0
(heads/master:b40e434, Jul 4 2020), Python 3.6.11 and Python 3.7.2):
import io
import p
Iman Sharafodin added the comment:
There are many online Python interpreters, we can use this malicious file to
escape their sandboxes and get control of their Docker container or system (and
abuse them, for example, to conduct a DoS attack), as they fully trust that
Python doesn
Iman Sharafodin added the comment:
Nevertheless, I have an exploitable crash for the Pickle module too right now,
but as you're not interested, I didn't open an issue to share it. Thanks
anyway.
--
___
Python tracker
<https://bu
Iman Sharafodin added the comment:
Sure. Thank you.
--
___
Python tracker
<https://bugs.python.org/issue41208>
___
___
Python-bugs-list mailing list
Unsub
Iman Sharafodin added the comment:
It's interesting that you would not count a critical segfault in Pickle as a
threat, because there are numerous libraries that are Unpickling untrusted user
data (even though some of them are using RestrictedUnpickler to protect
themselves but a seg
Iman Sharafodin added the comment:
I thought it's like Pickle. Then if we find an exploitable segfault just in
Pickle, you would count it as a threat?
--
___
Python tracker
<https://bugs.python.org/is
Iman Sharafodin added the comment:
What about patching that as a crash?
--
___
Python tracker
<https://bugs.python.org/issue41208>
___
Iman Sharafodin added the comment:
By using our proprietary fuzzer. I'm a cybersecurity researcher.
--
___
Python tracker
<https://bugs.python.org/is
New submission from Iman Sharafodin:
It seems that all versions of Python 3 are vulnerable to de-marshaling the
attached file (Python file is included). I've tested on Python 3.10.0a0
(heads/master:b40e434, Jul 4 2020), Python 3.6.11 and Python 3.7.2. This is
due to lack of p
Iman Sharafodin added the comment:
Thank you for the response.
--
___
Python tracker
<https://bugs.python.org/issue41189>
___
Iman Sharafodin added the comment:
You're right. But if someone uses the exact same code to decompile a pyc to
Python code, the attacker doesn't have access to the interpreter and cannot even
run the pyc file on the server, but the attacker can cause a crash and run the
malicious ex
Iman Sharafodin added the comment:
It could be potentially dangerous, for example some services might use Python
Core to decompile pyc files and they could be hacked or some other services
could run restricted pyc files for users but using this bug they can escape the
sandbox and run the
Iman Sharafodin added the comment:
I created a Python file with 12 lines of code and then changed the bytecode to
make Python crash (I was testing Python to find security-related bugs). I can
send the original file, do you need that
New submission from Iman Sharafodin:
Python 3.6 (June 27, 2020)
(https://www.python.org/ftp/python/3.6.11/Python-3.6.11.tgz).
I found an exploitable segmentation fault in Python 3.6.11 (I validated that by
using GDB's Exploitable plugin). Please find the attachment.
#0 0x00b
New submission from Iman Sharafodin:
I was testing the latest release of Python 3.6 (June 27, 2020)
(https://www.python.org/ftp/python/3.6.11/Python-3.6.11.tgz) and I found that
there is a lack of sufficient checks on line number 956 in Objects/object.c file
which can cause a segmentation fault