15-Year-Old Python Bug Let Hackers Execute Code in 350k Python Projects

In Cybersecurity News (original source: cybersecuritynews.com), by Blog Writer

The Trellix Advanced Threat Research team has observed an unpatched, 15-year-old bug in Python’s tarfile module, tracked as CVE-2007-4559 (CVSS score 6.8).

“The vulnerability is a path traversal attack in the extract and extractall functions in the tarfile module that allow an attacker to overwrite arbitrary files by adding the ‘..’ sequence to filenames in a TAR archive,” said Trellix security researcher Kasimir Schulz.

Upon successful exploitation of the vulnerability, an attacker can turn the arbitrary file write into code execution.

The Tarfile Vulnerability

Reports say a tarfile is a collection of multiple files together with the metadata later used to unarchive it. In this case, attackers can exploit the flaw by uploading a malicious tarfile that makes it possible to escape the directory a file is intended to be extracted to and achieve code execution.

Path Joining with the Filename
Additionally, experts say, because the extractall function relies on the extract function, extractall is also vulnerable to the directory traversal attack.

“For an attacker to take advantage of this vulnerability they need to add ‘..’ with the separator for the operating system (‘/’ or ‘\’) into the file name to escape the directory the file is supposed to be extracted to,” according to Trellix.
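As an added defensive example (not code from the article or from Trellix), the check below inspects every member of an archive before extraction and refuses the whole archive if any name would resolve outside the destination directory; the archives, member names and directory layout are constructed sample data for the demonstration.

```python
import io
import os
import tarfile
import tempfile


def build_tar(entries):
    """Build an in-memory TAR from {member_name: bytes} (constructed sample input)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in entries.items():
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def is_within(directory, target):
    """True if target, after resolving '..' components, still lies inside directory."""
    directory = os.path.realpath(directory)
    target = os.path.realpath(target)
    return os.path.commonpath([directory, target]) == directory


def unsafe_members(tar_bytes, dest):
    """Names of members that would be written outside dest (the CVE-2007-4559 pattern)."""
    bad = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tar:
        for member in tar.getmembers():
            target = os.path.join(dest, member.name)
            # Absolute names and links are refused outright: a link member could
            # point outside dest and later members could be written through it.
            if (os.path.isabs(member.name) or member.issym() or member.islnk()
                    or not is_within(dest, target)):
                bad.append(member.name)
    return bad


def safe_extractall(tar_bytes, dest):
    """Extract only after every member passed the check; returns dest's top-level entries."""
    bad = unsafe_members(tar_bytes, dest)
    if bad:
        raise ValueError(f"refusing archive: members escape {dest}: {bad}")
    # On Python 3.12+ also apply the stdlib 'data' filter, which rejects traversal itself.
    extra = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tar:
        tar.extractall(dest, **extra)
    return sorted(os.listdir(dest))


def demo():
    """Constructed archives: one benign, one carrying a '../' member name."""
    with tempfile.TemporaryDirectory() as dest:
        benign = build_tar({"a/b.txt": b"ok"})
        hostile = build_tar({"a/c.txt": b"ok", "../escape.txt": b"x"})
        return unsafe_members(hostile, dest), safe_extractall(benign, dest)
```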

Vulnerability is Incredibly Easy to Exploit

Researchers say the vulnerability is easy to exploit and requires little security expertise. As a result, Python’s tarfile module has become a very large supply chain issue, threatening infrastructure around the world.