
c2c-oerpscenario team mailing list archive

Re: [Bug 671926] Re: NET-RPC client-side stack should sanitize pickled data


Hi,
As this is a security fix, can it be applied to the stable clients too? 5.0.X and 6.X

Thanks

--
Eduard Carreras i Nadal

On 04/07/2011, at 7:46, "Naresh (OpenERP)" <nch@xxxxxxxxxxx> wrote:

> Hello,
> 
> Thanks for reporting !
> 
> It has been fixed at lp:~openerp-dev/openobject-client/trunk-bug-671926-nch
> and will be merged soon to the trunk client.
> 
> 
> Thanks !
> 
> ** Changed in: openobject-client
>       Status: In Progress => Fix Committed
> 
> -- 
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/671926
> 
> Title:
>  NET-RPC client-side stack should sanitize pickled data
> 
> Status in OpenERP GTK Client:
>  Fix Committed
> Status in OpenERP GTK Client 5.0 series:
>  Confirmed
> Status in OpenERP Web Client:
>  Confirmed
> Status in OpenERP Web Client 5.0 series:
>  Confirmed
> 
> Bug description:
>  It's possible to execute arbitrary code on the client using net-rpc
>  (pickle protocol), see http://nadiana.com/python-pickle-insecure
> 
>  If you use the client to connect to some demo server and this demo
>  server is malicious, it can send malicious code which is executed in
>  client side.
> 
>  I attach an exploit server that sends code to execute to the client. It runs
>  an ls -l and redirects the output to the proof_of_exploit.txt file.
> 
>  This bug was fixed in the server, but not in the client.
>  Affects versions 4.2, 5.X and 6.X
> 
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/openobject-client/+bug/671926/+subscriptions

-- 
You received this bug notification because you are a member of C2C
OERPScenario, which is subscribed to the OpenERP Project Group.
https://bugs.launchpad.net/bugs/671926
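As an added illustration of the client-side sanitization the bug title asks for (this is not the project's own fix, and it is written for Python 3 rather than the client's Python 2 code base): a restricted Unpickler that refuses every global reference outside an allowlist, so a reply from a malicious server can only carry plain data. The allowlist entries and the sample payloads are constructed assumptions.

```python
import io
import pickle

# Allowlist of (module, name) pairs a NET-RPC reply may reference (assumed
# entries for illustration). Plain data (dict, list, tuple, str, int, float,
# bool, None) needs no global lookup at all, so for a data-only protocol this
# set can stay empty.
SAFE_GLOBALS = {
    ("builtins", "set"),
    ("builtins", "frozenset"),
    ("datetime", "datetime"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that rejects any GLOBAL/REDUCE target outside SAFE_GLOBALS."""

    def find_class(self, module, name):
        # pickle calls this for every global the stream tries to resolve;
        # refusing here stops the loader before anything is imported or called.
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(
            f"refusing to resolve global {module}.{name} from untrusted pickle"
        )


def safe_loads(data):
    """Deserialize a NET-RPC payload without allowing arbitrary callables."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def check_payload(data):
    """Return (accepted, value) or (False, error text) for one raw payload."""
    try:
        return True, safe_loads(data)
    except Exception as exc:  # any failure in untrusted input is a rejection
        return False, f"{type(exc).__name__}: {exc}"


# Constructed sample payloads, not captured from a real server.
BENIGN = pickle.dumps({"result": [1, 2, 3], "name": "demo"})
# Pickling a function stores only a GLOBAL reference (builtins.len) that a
# plain loader would resolve by import; a hostile stream uses the same opcode,
# so the defence is to reject every global that is not explicitly allowed.
GLOBAL_REF = pickle.dumps(len)
TRUNCATED = BENIGN[:-1]  # stream cut off before its STOP opcode

if __name__ == "__main__":
    print(check_payload(BENIGN))
    print(check_payload(GLOBAL_REF))
    print(check_payload(TRUNCATED))
```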