<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Lupa - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/tags/lupa/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Tue, 09 Jan 2024 12:00:00 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/tags/lupa/feed.xml" rel="self" type="application/rss+xml"/><item><title>Lupa Sandbox Escape via Incomplete attribute_filter Enforcement</title><link>https://feed.craftedsignal.io/briefs/2024-01-lupa-sandbox-escape/</link><pubDate>Tue, 09 Jan 2024 12:00:00 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2024-01-lupa-sandbox-escape/</guid><description>The lupa library's attribute_filter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr, leading to a sandbox escape and arbitrary code execution.</description><content:encoded><![CDATA[<p>The lupa library, version 2.6 and earlier, contains a vulnerability in its <code>attribute_filter</code> implementation. This filter aims to restrict access to sensitive Python attributes when exposing objects to Lua code. However, the filter is inconsistently applied, specifically when attributes are accessed through built-in functions like <code>getattr</code> and <code>setattr</code>. This inconsistency allows an attacker with the ability to execute Lua code to bypass the intended restrictions, ultimately leading to arbitrary code execution on the host system. This vulnerability impacts applications that rely on <code>attribute_filter</code> as a security control for untrusted Lua code execution, particularly if they allow access to Python builtins.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>The attacker gains the ability to execute arbitrary Lua code within an application that uses the lupa library.</li>
<li>The Lua code gains access to a Python object exposed through lupa.</li>
<li>The Lua code utilizes the <code>python.builtins.getattr</code> function to access the <code>__class__</code> attribute of the exposed Python object, bypassing the <code>attribute_filter</code>.</li>
<li>The Lua code uses <code>getattr</code> again to access the <code>__mro__</code> attribute of the class, walking up the inheritance chain.</li>
<li>The Lua code calls the <code>__subclasses__()</code> method (accessed via <code>getattr</code>) to enumerate all subclasses of the base object class.</li>
<li>The Lua code iterates through the subclasses, searching for a class containing <code>os._wrap_close</code>.</li>
<li>The Lua code uses <code>getattr</code> to access the <code>__init__</code> attribute of the identified subclass, and then accesses its <code>__globals__</code> attribute to retrieve the <code>os.system</code> function.</li>
<li>Finally, the Lua code uses <code>setattr</code> to assign the <code>os.system</code> function to an attribute of the original Python object and executes arbitrary commands on the host system, achieving sandbox escape.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of this vulnerability allows an attacker to bypass the <code>attribute_filter</code> in the lupa library. This leads to arbitrary code execution within the host Python process. The impact is a full sandbox escape, potentially allowing the attacker to compromise the entire system. Any application using lupa to execute untrusted Lua code is vulnerable if it relies solely on <code>attribute_filter</code> and doesn't disable access to Python builtins. This affects applications using lupa version 2.6 or earlier.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Upgrade to a patched version of the <code>lupa</code> library that addresses this vulnerability.</li>
<li>If upgrading is not immediately feasible, disable access to Python builtins via the <code>register_builtins=False</code> option when creating a <code>LuaRuntime</code> instance.</li>
<li>Monitor process creation events for suspicious processes spawned by the Python interpreter, as a sign of successful exploitation (see Sigma rule <code>Detect Suspicious Process Creation from Python</code>).</li>
<li>Implement additional security controls, such as seccomp profiles, to limit the capabilities of the Python process.</li>
</ul>
]]></content:encoded><category domain="severity">critical</category><category domain="type">advisory</category><category>lupa</category><category>sandbox-escape</category><category>rce</category><category>python</category></item></channel></rss>