openerp-dev-web team mailing list archive

Thread
Date

[Bug 671926] [NEW] NET-RPC client-side stack should sanitize pickled data

To: openerp-dev-web@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <671926@xxxxxxxxxxxxxxxxxx>
Date: Fri, 04 Feb 2011 08:34:03 -0000
Reply-to: Bug 671926 <671926@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

*** This bug is a security vulnerability ***

Olivier Dony (OpenERP) (odo) has assigned this bug to you for 5.0:

It's possible to execute arbritrary code on client using net-rpc (pickle
protocol) see http://nadiana.com/python-pickle-insecure

If you use the client to connect to some demo server and this demo
server is malicious, it can send malicious code which is executed in
client side.

I attach a exploit server who sends code to execute to client. Run a ls
-l and redirect the output to proof_of_exploit.txt file.

This bug was fixed in the server, but not in the client.
Affects versions 4.2, 5.X and 6.X

** Affects: openobject-client
     Importance: Critical
     Assignee: Stephane Wirtel (OpenERP) (stephane-openerp)
         Status: Confirmed

** Affects: openobject-client/5.0
     Importance: Critical
     Assignee: Stephane Wirtel (OpenERP) (stephane-openerp)
         Status: Confirmed

** Affects: openobject-client-web
     Importance: Critical
     Assignee: OpenERP SA's Web Client R&D (openerp-dev-web)
         Status: Confirmed

** Affects: openobject-client-web/5.0
     Importance: Critical
     Assignee: Stephane Wirtel (OpenERP) (stephane-openerp)
         Status: Confirmed


** Tags: maintenance pickle security
-- 
NET-RPC client-side stack should sanitize pickled data
https://bugs.launchpad.net/bugs/671926
You received this bug notification because you are a member of OpenERP SA's Web Client R&D, which is a bug assignee.