An exploitable vulnerability exists in the YAML parsing functionality in config.py in Confire 0.2.0. Due to the user-specific configuration being loaded from "~/.confire.yaml" using the yaml.load function, a YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigger this vulnerability.
References
Link | Resource |
---|---|
https://github.com/bbengfort/confire/commit/8cc86a5ec2327e070f1d576d61bbaadf861597ea | Patch Third Party Advisory |
https://github.com/bbengfort/confire/issues/24 | Exploit Third Party Advisory |
https://joel-malwarebenchmark.github.io/blog/2017/11/12/cve-2017-16763-configure-loaded-through-confire/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2017-11-10T09:00:00
Updated: 2017-11-15T15:57:01
Reserved: 2017-11-10T00:00:00
Link: CVE-2017-16763
JSON object: View
NVD Information
Status : Analyzed
Published: 2017-11-10T09:29:00.363
Modified: 2019-10-03T00:03:26.223
Link: CVE-2017-16763
JSON object: View
Redhat Information
No data.
CWE