Remote Code Execution by Pickle Deserialization via LogRecordStreamHandler in Cola Framework #74
Description
In the core logging functionality of the Cola framework (cola/core/logs.py), the LogRecordStreamHandler class directly uses pickle.loads() to deserialize messages received from TCP socket connections without any sanitization, which results in a remote code execution vulnerability. Even more concerning, when Cola master is started with network binding (e.g., cola master -s 0.0.0.0:8765), the logging service listens on all network interfaces by default, which allows attackers across the entire network to perform arbitrary remote code execution.
Proof of Concept
Step 1: The victim user starts a Cola master server that binds to the network interface:
cola master -s 0.0.0.0:8765
Step 2: The attacker can then send malicious pickle serialized data to the TCP socket. The provided poc.py demonstrates how an attacker can execute arbitrary commands like "ls -la":
payload = "cos\nsystem\n(S'ls -la'\ntR."
send_custom_data(host='target_host', port=9020, data=payload)
The payload "cos\nsystem\n(S'ls -la'\ntR." is a pickle-serialized object that, when deserialized, calls os.system('ls -la'), resulting in remote command execution.
We also give a demo video in the attachment, along with poc.py. When you reproduce this issue, you can first init cola master and then run python poc.py with the host and port of log server.
Impact
Remote code execution on the victim's machine over the network. Once the victim starts the Cola master server with network binding, an attacker on the network can gain arbitrary code execution by:
1. Scanning and finding the victim's Cola logging service
2. Sending malicious pickle payloads to the logging port
3. Executing arbitrary system commands with the privileges of the Cola process
Mitigation
1. Sanitize data before deserialization: Rewrite the unPickle() method to use a custom Unpickler with a restricted find_class() method that only allows safe classes, or replace pickle with more secure serialization methods such as JSON, msgpack, or protocol buffers.
2. Network access control: If the logging service is intended for internal use only, accept connections solely from the internal network (localhost or specific trusted IPs). If it must be exposed to external networks, implement proper authentication and authorization.
3. Security warnings: When starting the service with network binding (0.0.0.0), display a prominent security warning to inform users about the potential risks.
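
Mitigation 1 above, sketched as an added example (not code from the Cola project or from the reporter's poc.py): a restricted Unpickler whose find_class() rejects every global, applied to the length-prefixed frame format of Python's standard logging.handlers.SocketHandler. That Cola's handler uses this framing, the 64 KiB size cap, and the names NoGlobalsUnpickler, safe_unpickle and read_record are assumptions.

```python
import io
import logging
import logging.handlers
import pickle
import struct

MAX_RECORD_BYTES = 64 * 1024  # assumed upper bound for one log record


class NoGlobalsUnpickler(pickle.Unpickler):
    """Unpickler that refuses every class/function lookup.

    A socket log record is a dict of strings, numbers and None, so no
    global ever needs to be resolved; any GLOBAL/STACK_GLOBAL opcode is
    rejected here before the referenced object is imported or called.
    """

    def find_class(self, module, name):
        raise pickle.UnpicklingError(
            "global %s.%s is not allowed in a log record" % (module, name))


def safe_unpickle(data):
    """Deserialize a log record payload; only a dict is accepted."""
    obj = NoGlobalsUnpickler(io.BytesIO(data)).load()
    if not isinstance(obj, dict):
        raise pickle.UnpicklingError("log record payload must be a dict")
    return obj


def read_record(frame):
    """Parse one frame: 4-byte big-endian length followed by the pickle."""
    if len(frame) < 4:
        raise ValueError("short frame")
    (length,) = struct.unpack(">L", frame[:4])
    if length > MAX_RECORD_BYTES or length != len(frame) - 4:
        raise ValueError("bad record length")
    return logging.makeLogRecord(safe_unpickle(frame[4:]))


if __name__ == "__main__":
    # Constructed sample: a frame built the way SocketHandler builds it
    # (the handler does not connect until a record is emitted).
    sender = logging.handlers.SocketHandler("127.0.0.1", 9020)
    rec = logging.LogRecord("cola", logging.INFO, "job.py", 1,
                            "job %s done", ("a",), None)
    print(read_record(sender.makePickle(rec)).getMessage())
```

A handler hardened this way should close the connection on UnpicklingError or ValueError and log the peer address, which also gives a detection signal for probing of the logging port.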