[CVE pending] Sandboxing Python is notoriously difficult, and the Python module "asteval" is no exception. Add to this the fact that a large set of numpy functions is exposed within the sandbox by default. Versions <=1.06 are vulnerable. This vulnerability has been disclosed to the maintainer, who closed the security advisory and has since pushed his own fix to master. A CVE is still pending. Publishing the vulnerability through this list will hopefully inform users who are running vulnerable versions.
========================================================================
Summary
========================================================================

An attacker who can pass input to the `asteval` library, when it is used with `numpy` functions in the symbol table (the default setting), can bypass the sandbox restrictions and execute arbitrary code as the user who runs the Python process.

========================================================================
Details
========================================================================

`numpy.ndarray` has an attribute `ctypes` (https://numpy.org/doc/stable/reference/generated/numpy.ndarray.ctypes.html#numpy.ndarray.ctypes). This object is intended to support interfacing with the `ctypes` module. It has an undocumented attribute `_ctypes`, which is a reference to the `ctypes` module itself; `ctypes` exposes direct memory read/write primitives and interfaces to arbitrary C libraries. The name `_ctypes` is not caught by asteval's filter on attribute access, `safe_getattr`, so the sandbox lets the lookup through.

`asteval` adds a set of `numpy` functions to its symbol table by default (`use_numpy=True`):
https://github.com/lmfit/asteval/blob/40c31962bbdfe1012aacca1892a8d9263a67258e/asteval/astutils.py#L506

The set of numpy functions which are added:
https://github.com/lmfit/asteval/blob/40c31962bbdfe1012aacca1892a8d9263a67258e/asteval/astutils.py#L111-L157

Any of these numpy functions that hands the user a reference to an instance of `numpy.ndarray` exposes a path to `ctypes`. The most trivial of these is `numpy.array`, but given how central this datatype is to the `numpy` library, there are abundant paths to a `numpy.ndarray`, to the point where removing all of them from `asteval` would defeat the purpose of including the `numpy` module in the first place.
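For users stuck on a vulnerable version, one stop-gap is to screen expressions before they reach the evaluator. The following is an added example, not asteval's own fix and not the maintainer's code: it parses the untrusted expression with the stdlib `ast` module and rejects any attribute access whose name starts with an underscore, or that reaches `.ctypes` on any object, before the string is handed to `Interpreter.eval`. The check is purely syntactic, so it assumes the sandbox does not also expose a `getattr`-style helper that could look the attribute up by string; the blocklist and the function names are this example's own choices.

```python
"""Pre-parse guard for untrusted expressions destined for a sandbox such as
asteval.  Added example, not part of asteval or the original advisory.

The guard walks the Python AST of the expression and refuses it if any
attribute access uses a private (underscore-prefixed) name or reaches the
``ctypes`` attribute, which on ``numpy.ndarray`` leads to the ``ctypes``
module via the undocumented ``_ctypes`` attribute.  The check is syntactic
only: it assumes the evaluator exposes no getattr-like helper that could
resolve attribute names from strings at runtime.
"""
import ast

# Attribute names that a numeric sandbox never legitimately needs.
# ``ctypes`` is the documented ndarray attribute that starts the chain.
BLOCKED_ATTRS = {"ctypes"}


class UnsafeExpression(ValueError):
    """Raised when an expression touches a blocked attribute or will not parse."""


def check_expression(src: str) -> ast.Module:
    """Parse *src* and raise UnsafeExpression on a forbidden attribute access.

    Returns the parsed tree so a caller can forward the (now vetted) source
    to the real evaluator.  Unparseable input is rejected as well, since the
    evaluator would only reject it later anyway.
    """
    try:
        tree = ast.parse(src, mode="exec")
    except SyntaxError as exc:
        raise UnsafeExpression(f"not parseable: {exc.msg}") from exc

    # ast.walk visits every node, so nested accesses such as
    # ``f(x).ctypes._ctypes`` inside a call or subscript are covered too.
    for node in ast.walk(tree):
        if isinstance(node, ast.Attribute):
            name = node.attr
            if name.startswith("_") or name in BLOCKED_ATTRS:
                raise UnsafeExpression(f"attribute access to {name!r} is not allowed")
    return tree


def is_safe(src: str) -> bool:
    """Boolean convenience wrapper around check_expression."""
    try:
        check_expression(src)
    except UnsafeExpression:
        return False
    return True


if __name__ == "__main__":
    # The advisory's proof of concept, which must be refused.
    poc = "array([]).ctypes._ctypes.CDLL('libc.so.6').system(b'whoami')"
    # Constructed benign expressions a numeric user might legitimately send.
    benign = ["sqrt(2) * pi", "array([1, 2, 3]).sum()", "x = linspace(0, 1, 5); x.mean()"]
    print(f"{poc!r} -> safe={is_safe(poc)}")
    for expr in benign:
        print(f"{expr!r} -> safe={is_safe(expr)}")
```

Because the guard runs before evaluation it costs nothing at runtime and cannot be bypassed by anything the sandbox computes, but it only narrows the syntactic surface; the real remedy is to upgrade to a release that filters the attribute inside asteval.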
========================================================================
POC
========================================================================

Evaluated inside an asteval Interpreter with the default `use_numpy=True`:

```python
# array() is numpy.array from asteval's default symbol table; the result
# is an ndarray whose .ctypes._ctypes is the real ctypes module.
array([]).ctypes._ctypes.CDLL('libc.so.6').system(b"whoami")
```

========================================================================
Hashes of further zero-days in asteval
========================================================================

Here is a set of SHA-256 hashes (sha256sum) of a series of as yet unpublished vulnerabilities, which affect the latest version of asteval:

53af0c5634bbb95889163acedf139d847ff381561a4c908e9c3dc7fc04c4fae6
256eaf6b9825d4126d6b7247f6146fd44f0d54e4bf2238aedf05297cfb1b50c6
6c8d0e0b8909bca2f20547c91ab81a7ba6cb59b0ab7d71454e651e09196f4983

========================================================================
Discoverer
========================================================================

Ward Theunisse

========================================================================
History
========================================================================

Jan 31, 2025: Informed lmfit of the vulnerability through GitHub security advisories
Feb 20, 2025: Security advisory closed by lmfit
Feb 21, 2025: Fix published by lmfit
Mar 7, 2025: Public disclosure of the vulnerability

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/