exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

PyAMF 0.7.2 XXE Injection

PyAMF 0.7.2 XXE Injection
Posted Dec 17, 2015
Authored by Nicolas Gregoire, Open Source CERT

PyAMF suffers from insufficient AMF input payload sanitization which results in the XML parser not preventing the processing of XML external entities (XXE). A specially crafted AMF payload, containing malicious references to XML external entities, can be used to trigger denial of service (DoS) conditions or arbitrarily return the contents of files that are accessible with the running application privileges. Versions 0.7.2 and below are affected.

tags | advisory, denial of service, xxe
advisories | CVE-2015-8549
SHA-256 | 939e9f52f635c72d8bc7877b8213d3c23d28d84296a37c4314ff4368f14040f1

PyAMF 0.7.2 XXE Injection

Change Mirror Download

#2015-011 PyAMF input sanitization errors (XXE)

Description:

PyAMF is a Python module that implements the Action Message Format (AMF)
protocol, allowing Flash interoperation with various web frameworks.

PyAMF suffers from insufficient AMF input payload sanitization which
results in the XML parser not preventing the processing of XML external
entities (XXE).

A specially crafted AMF payload, containing malicious references to XML
external entities, can be used to trigger Denial of Service (DoS)
conditions or arbitrarily return the contents of files that are accessible
with the running application privileges.

Affected version:

PyAMF <= 0.7.2

Fixed version:

PyAMF >= 0.8.0

Credit: vulnerability reported by Nicolas Grégoire <nicolas [dot] gregoire [at] agarri [dot] fr>

CVE:

CVE-2015-8549

Timeline:

2015-12-01: vulnerability report received
2015-12-02: contacted maintainer
2015-12-04: maintainer commits patch via public pull request
2015-12-12: reporter confirms patch
2015-12-14: contacted affected vendors
2015-12-14: assigned CVE
2015-12-17: advisory release

References:

https://github.com/hydralabs/pyamf/pull/58

Permalink:

http://www.ocert.org/advisories/ocert-2015-011.html

--
Daniele Bianco Open Source Computer Security Incident Response Team
<danbia@ocert.org> http://www.ocert.org

GPG Key 0x9544A497
GPG Key fingerprint = 88A7 43F4 F28F 1B9D 6F2D 4AC5 AE75 822E 9544 A497
Login or Register to add favorites

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close