CVE-2017-2810
Published 2017-06-14
Priority P262 · critical · 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 4.87% (90.9th percentile)
An exploitable vulnerability exists in the Databook loading functionality of Tablib 0.11.4. A yaml loaded Databook can execute arbitrary python commands resulting in command execution. An attacker can insert python into loaded yaml to trigger this vulnerability.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | python-tablib | < python-tablib 0.9.11-3 (bookworm) | python-tablib 0.9.11-3 (bookworm) |
| kenneth_reitz | tablib | — | — |
| kenneth_reitz | tablib | >= 0 < 0.11.5 | 0.11.5 |
| python | tablib | — | — |
Detection & IOCs
Snort rules: 42195-42196
- Detect use of unsafe yaml.load() API call instead of yaml.safe_load() in PyYAML-based applications; exploitation of CVE-2017-2810 relies on yaml.load being called on attacker-controlled YAML databook content.
- Monitor for arbitrary Python command execution triggered via YAML Databook loading in Tablib; attacker payload is embedded Python code within YAML content supplied to the Databook loader.
- Flag ingestion of untrusted YAML-format Databook files by python-tablib processes; the vulnerability is triggered at load time when yaml.load processes attacker-controlled input.
- Snort rules 42195-42196 are subject to change; always refer to the latest ruleset from FireSIGHT Management Center or Snort.org for current detection coverage.
- Red Hat assessed the python-tablib code path as unreachable in supported Red Hat OpenStack Platform configurations, so detections may produce false positives or be irrelevant in those environments.
CVSS provenance
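| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 9.8 | CRITICAL | — |
| vendor_debian | — | 7.5 | HIGH | — |
| vendor_redhat | — | 7.5 | HIGH | — |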
Red Hat
python-tablib: Databook loading functionality allows command execution
vendor_redhat·2017-06-13·CVSS 7.5
CVE-2017-2810 [HIGH] CWE-502 python-tablib: Databook loading functionality allows command execution
It was found that loading a yaml format Databook from an untrusted source could lead to arbitrary code execution in python-tablib as the safe_load method was not used to load the content.
Statement: Red Hat Product Security has rated this issue as having Low security impact in Red Hat OpenStack Platform. While the code is present in the python-tablib package, it is not reachable in any supported configuration. There is currently no plan to address this flaw i
Debian
CVE-2017-2810: python-tablib - An exploitable vulnerability exists in the Databook loading functionality of Tab...
vendor_debian·2017·CVSS 7.5
CVE-2017-2810 [HIGH] CVE-2017-2810: python-tablib - An exploitable vulnerability exists in the Databook loading functionality of Tab...
Scope: local
bookworm: resolved (fixed in 0.9.11-3)
bullseye: resolved (fixed in 0.9.11-3)
forky: resolved (fixed in 0.9.11-3)
sid: resolved (fixed in 0.9.11-3)
trixie: resolved (fixed in 0.9.11-3)
OSV
Loaded Databook of Tablib prone to python insertion resulting in command execution
osv·2018-07-13
CVE-2017-2810 [CRITICAL] Loaded Databook of Tablib prone to python insertion resulting in command execution
GHSA
Loaded Databook of Tablib prone to python insertion resulting in command execution
ghsa·2018-07-13
CVE-2017-2810 [CRITICAL] Loaded Databook of Tablib prone to python insertion resulting in command execution
OSV
CVE-2017-2810: An exploitable vulnerability exists in the Databook loading functionality of Tablib 0
osv·2017-06-14·CVSS 9.8
CVE-2017-2810 [CRITICAL] CVE-2017-2810: An exploitable vulnerability exists in the Databook loading functionality of Tablib 0
No detection rules found.
Exploit-DB
HPE iMC - dbman 'RestartDB' Remote Command Execution (Metasploit)
exploitdb·2018-01-10
CVE-2017-5816 HPE iMC - dbman 'RestartDB' Remote Command Execution (Metasploit)
---
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule 'HPE iMC dbman RestartDB Unauthenticated RCE',
'Description' => %q{
This module exploits a remote command execution vulnerablity in
Hewlett Packard Enterprise Intelligent Management Center before
version 7.3 E0504P04.
The dbman service allows unauthenticated remote users to restart
a user-specified database instance (OpCode 10008), however the
instance ID is not sanitized, allowing execution of arbitrary
operating system commands as SYSTEM. This service listens on
TCP port 2810 by default.
This module has been tested successfully on iMC PLAT v7.2 (E0403)
on
Exploit-DB
HPE iMC - dbman 'RestoreDBase' Remote Command Execution (Metasploit)
exploitdb·2018-01-10
CVE-2017-5817 HPE iMC - dbman 'RestoreDBase' Remote Command Execution (Metasploit)
---
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule 'HPE iMC dbman RestoreDBase Unauthenticated RCE',
'Description' => %q{
This module exploits a remote command execution vulnerablity in
Hewlett Packard Enterprise Intelligent Management Center before
version 7.3 E0504P04.
The dbman service allows unauthenticated remote users to restore
a user-specified database (OpCode 10007), however the database
connection username is not sanitized resulting in command injection,
allowing execution of arbitrary operating system commands as SYSTEM.
This service listens on TCP port 2810 by default.
This module has been tes
Exploit-DB
HP iMC Plat 7.2 - Remote Code Execution
exploitdb·2017-11-28·CVSS 9.8
CVE-2017-5817 [CRITICAL] HP iMC Plat 7.2 - Remote Code Execution
---
#!/opt/local/bin/python2.7
# Exploit Title: HP iMC Plat 7.2 dbman Opcode 10007 Command Injection RCE
# Date: 11-28-2017
# Exploit Author: Chris Lyne (@lynerc)
# Vendor Homepage: www.hpe.com
# Software Link: https://h10145.www1.hpe.com/Downloads/DownloadSoftware.aspx?SoftwareReleaseUId=16759&ProductNumber=JG747AAE&lang=en&cc=us&prodSeriesId=4176535&SaidNumber=
# Version: iMC PLAT v7.2 (E0403) Standard
# Tested on: Windows Server 2008 R2 Enterprise 64-bit
# CVE : CVE-2017-5817
# See Also: http://www.zerodayinitiative.com/advisories/ZDI-17-341/
# note that this PoC will create a file 'C:\poc.txt'
import socket, sys
ip = '192.168.1.74'
port = 2810
command = "echo PoC 12345 > C:\\poc.txt" # command to run
sock = socket.socket(socket.AF_INET, s
Bugzilla
CVE-2017-2810 python-tablib: Databook loading functionality allows command execution [epel-6]
bugzilla·2017-06-14·CVSS 7.5
CVE-2017-2810 [HIGH] CVE-2017-2810 python-tablib: Databook loading functionality allows command execution [epel-6]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-6.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
Discussion:
Use the following template
Bugzilla
CVE-2017-2810 python-tablib: Databook loading functionality allows command execution
bugzilla·2017-06-14·CVSS 7.5
CVE-2017-2810 [HIGH] CVE-2017-2810 python-tablib: Databook loading functionality allows command execution
An exploitable vulnerability exists in the Databook loading functionality of Tablib. A yaml loaded Databook can execute arbitrary python commands resulting in command execution. An attacker can insert python into loaded yaml to trigger this vulnerability.
External References:
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0307
Discussion:
Created python-tablib tracking bugs for this issue:
Affects: epel-6 [bug 1461298]
Affects: fedora-all [bug 1461299]
---
Statement:
Red Hat Product Security has rated this issue as having Low security impact in Red Hat OpenStack Platform. While the code is present in the python-tablib package, it is not reachable in any supported configuration.
Bugzilla
CVE-2017-2810 python-tablib: Databook loading functionality allows command execution [fedora-all]
bugzilla·2017-06-14·CVSS 7.5
CVE-2017-2810 [HIGH] CVE-2017-2810 python-tablib: Databook loading functionality allows command execution [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multipl
Bugzilla
CVE-2014-9970 jasypt: Vulnerable to timing attack against the password hash comparison
bugzilla·2017-05-25·CVSS 7.5
CVE-2014-9970 [HIGH] CVE-2014-9970 jasypt: Vulnerable to timing attack against the password hash comparison
It was found that jasypt before allows a timing attack against the password hash comparison.
Upstream patch:
https://sourceforge.net/p/jasypt/code/668/
Discussion:
This issue has been addressed in the following products:
Red Hat JBoss BRMS
Via RHSA-2017:2547 https://access.redhat.com/errata/RHSA-2017:2547
---
This issue has been addressed in the following products:
Red Hat JBoss BPM Suite
Via RHSA-2017:2546 https://access.redhat.com/errata/RHSA-2017:2546
---
This issue has been addressed in the following products:
Red Hat JBoss Enterprise Application Platform 7.0.8
Via RHSA-2017:2810 https://access.redhat.com/errata/RHSA-2017:2810
---
This issue has been addressed in the following produc
Talos
Vulnerability Spotlight: YAML Parsing Remote Code Execution Vulnerabilities in Ansible Vault and Tablib
blogs_talos·2017-09-14·CVSS 7.5
[HIGH] Vulnerability Spotlight: YAML Parsing Remote Code Execution Vulnerabilities in Ansible Vault and Tablib
Vulnerabilities discovered by Cory Duplantis of Talos.
Talos is disclosing the presence of remote code execution vulnerabilities in the processing of Yet Another Markup Language (YAML) content in Ansible Vault and Tablib. Attackers can exploit these vulnerabilities through supplying malicious YAML content to execute arbitrary commands on vulnerable systems.
## Overview
YAML is a data serialisation markup format which is designed to be readable for humans yet easily parsed by machines. Many tools and libraries have been developed to parse YAML data. The Python YAML parsing library PyYAML provides two API calls to parse YAML data: yaml.load and yaml.safe_load. The former API does not correctly sanitise YAML input which allows attackers to embed Python code to be executed within YAML conte