Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Zope 5.9 Command Injection

🗓️ 15 May 2024 00:00:00Reported by Ilyase Dehy, Aymane MAZGUITIType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 411 Views

Zope Command Injection Vulnerability, allows attacker to execute arbitrary commands

Related
Code
ReporterTitlePublishedViews
Family
0day.today		Zope 5.9 Command Injection Vulnerability
15 May 202400:00
zdt
`# Vulnerability Report  
  
## Title: Command Argument Injection Vulnerability in Zope WSGI Instance Creation Script Leading to RCE  
  
### Description:  
A command Argument injection vulnerability has been identified in the Zope WSGI instance creation script used by the Zope web application server framework, which is maintained by the Zope Foundation. The script, mkwsgiinstance, facilitates the setup of new Zope WSGI application instances and involves specifying the Python interpreter among other parameters via command-line arguments. The flaw stems from insufficient validation of the Python interpreter path, allowing an attacker to execute arbitrary shell commands.  
  
### Affected Product:  
Product: Zope WSGI instance creation script (mkwsgiinstance)  
Version: All versions prior to the most recent update  
  
-Impact:  
This vulnerability permits an attacker with local access to the server to execute arbitrary commands with the privileges of the user running the mkwsgiinstance script. The potential impacts include unauthorized information disclosure  
### POC:  
  
```bash  
  
(env) root@lab:/opt/Zope# mkwsgiinstance -p "/usr/bin/mkdir" -d "/tmp/temp;"  
Please choose a username and password for the initial user.  
These will be the credentials you use to initially manage  
your new Zope instance.  
  
Username: d  
Password:   
Verify password:   
(env) root@lab:/opt/Zope# ls /tmp  
'temp;'  
```  
  
In this example, the attacker replaces the Python interpreter argument (-p) with the mkdir command, followed by an arbitrary directory path. Due to inadequate command-line argument sanitation, the script executes the mkdir command, thus illustrating arbitrary command execution.  
  
### Vulnerable Code Snippet:  
  
```python  
  
if opt in ("-p", "--python"):  
python = os.path.abspath(os.path.expanduser(arg))  
if not os.path.exists(python) and os.path.isfile(python):  
usage(sys.stderr, "The Python interpreter does not exist.")  
sys.exit(2)  
```  
  
This code snippet fails to adequately validate the python variable that influences subprocess commands directly, enabling potential command injection when malicious inputs are utilized.  
  
CVSS Calculated Vulnerability Score:  
https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H  
  
### Credits:  
  
This vulnerability was disclosed by Aymane MAZGUITI / Ilyase Dehy.  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
15 May 2024 00:00Current
7High risk
Vulners AI Score7
vulnerabilityzopewsgicommand injectionrcepython interpreterarbitrary commandsscriptvalidationprivilege escalationinformation disclosurevulnerable codecvss scoredisclosure
411