{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/lupa/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["lupa"],"_cs_severities":["critical"],"_cs_tags":["lupa","sandbox-escape","rce","python"],"_cs_type":"advisory","_cs_vendors":["lupa"],"content_html":"\u003cp\u003eThe lupa library, version 2.6 and earlier, contains a vulnerability in its \u003ccode\u003eattribute_filter\u003c/code\u003e implementation. This filter aims to restrict access to sensitive Python attributes when exposing objects to Lua code. However, the filter is inconsistently applied, specifically when attributes are accessed through built-in functions like \u003ccode\u003egetattr\u003c/code\u003e and \u003ccode\u003esetattr\u003c/code\u003e. This inconsistency allows an attacker with the ability to execute Lua code to bypass the intended restrictions, ultimately leading to arbitrary code execution on the host system. This vulnerability impacts applications that rely on \u003ccode\u003eattribute_filter\u003c/code\u003e as a security control for untrusted Lua code execution, particularly if they allow access to Python builtins.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker gains the ability to execute arbitrary Lua code within an application that uses the lupa library.\u003c/li\u003e\n\u003cli\u003eThe Lua code gains access to a Python object exposed through lupa.\u003c/li\u003e\n\u003cli\u003eThe Lua code utilizes the \u003ccode\u003epython.builtins.getattr\u003c/code\u003e function to access the \u003ccode\u003e__class__\u003c/code\u003e attribute of the exposed Python object, bypassing the \u003ccode\u003eattribute_filter\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe Lua code uses \u003ccode\u003egetattr\u003c/code\u003e again to access the \u003ccode\u003e__mro__\u003c/code\u003e attribute of the class, walking up the inheritance chain.\u003c/li\u003e\n\u003cli\u003eThe Lua code calls the \u003ccode\u003e__subclasses__()\u003c/code\u003e method (accessed via \u003ccode\u003egetattr\u003c/code\u003e) to enumerate all subclasses of the base object class.\u003c/li\u003e\n\u003cli\u003eThe Lua code iterates through the subclasses, searching for a class containing \u003ccode\u003eos._wrap_close\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe Lua code uses \u003ccode\u003egetattr\u003c/code\u003e to access the \u003ccode\u003e__init__\u003c/code\u003e attribute of the identified subclass, and then accesses its \u003ccode\u003e__globals__\u003c/code\u003e attribute to retrieve the \u003ccode\u003eos.system\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eFinally, the Lua code uses \u003ccode\u003esetattr\u003c/code\u003e to assign the \u003ccode\u003eos.system\u003c/code\u003e function to an attribute of the original Python object and executes arbitrary commands on the host system, achieving sandbox escape.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows an attacker to bypass the \u003ccode\u003eattribute_filter\u003c/code\u003e in the lupa library. This leads to arbitrary code execution within the host Python process. The impact is a full sandbox escape, potentially allowing the attacker to compromise the entire system. Any application using lupa to execute untrusted Lua code is vulnerable if it relies solely on \u003ccode\u003eattribute_filter\u003c/code\u003e and doesn't disable access to Python builtins. This affects applications using lupa version 2.6 or earlier.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to a patched version of the \u003ccode\u003elupa\u003c/code\u003e library that addresses this vulnerability.\u003c/li\u003e\n\u003cli\u003eIf upgrading is not immediately feasible, disable access to Python builtins via the \u003ccode\u003eregister_builtins=False\u003c/code\u003e option when creating a \u003ccode\u003eLuaRuntime\u003c/code\u003e instance.\u003c/li\u003e\n\u003cli\u003eMonitor process creation events for suspicious processes spawned by the Python interpreter, as a sign of successful exploitation (see Sigma rule \u003ccode\u003eDetect Suspicious Process Creation from Python\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eImplement additional security controls, such as seccomp profiles, to limit the capabilities of the Python process.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-09T12:00:00Z","date_published":"2024-01-09T12:00:00Z","id":"https://feed.craftedsignal.io/briefs/2024-01-lupa-sandbox-escape/","summary":"The lupa library's attribute_filter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr, leading to a sandbox escape and arbitrary code execution.","title":"Lupa Sandbox Escape via Incomplete attribute_filter Enforcement","url":"https://feed.craftedsignal.io/briefs/2024-01-lupa-sandbox-escape/"}],"language":"en","title":"CraftedSignal Threat Feed - Lupa","version":"https://jsonfeed.org/version/1.1"}