360 Total Security 3.5.0.1033 allows a Sandbox Escape via an "import os" statement, followed by os.system("CMD") or os.system("PowerShell"), within a .py file. NOTE: the vendor's position is that this cannot be categorized as a vulnerability, although it is a security-related issue
References
Link | Resource |
---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/151867 | Third Party Advisory |
https://github.com/sandboxescape/360-3.5.0.1033-Sandbox-Escape-Exploit/ | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-10-23T16:00:00
Updated: 2018-10-24T17:57:01
Reserved: 2018-10-23T00:00:00
Link: CVE-2018-18603
JSON object: View
NVD Information
Status : Modified
Published: 2018-10-23T16:29:00.407
Modified: 2024-05-17T01:25:40.053
Link: CVE-2018-18603
JSON object: View
Redhat Information
No data.
CWE