CVE-2019-16328
published 2019-10-03
CVE-2019-16328: In RPyC 4.1.x through 4.1.1, a remote attacker can dynamically modify object attributes to construct a remote procedure call that executes code for an RPyC…
Priority P350 · high · 7.5 CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:H / A:N
EPSS: 13.05% (95.9th percentile)
In RPyC 4.1.x through 4.1.1, a remote attacker can dynamically modify object attributes to construct a remote procedure call that executes code for an RPyC service with default configuration settings.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | rpyc | — | — |
| rpyc_project | rpyc | >= 4.1.0 < 4.1.2 | 4.1.2 |
| rpyc_project | rpyc | >= 4.1.0 < 4.1.1 | 4.1.1 |
| rpyc_project | rpyc | 4.1.0 – 4.1.1 | — |
Detection & IOCs
- Vulnerability only affects RPyC services running with default configuration settings; non-default/hardened configurations may not be exploitable
- The attack vector is a missing protocol security check allowing dynamic modification of object attributes to construct malicious RPCs
- Affected versions are RPyC 4.1.x through 4.1.1; refer to RPyC security documentation for hardening guidance
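CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
| ghsa | | 7.5 | HIGH | |
| osv | | 7.5 | HIGH | |
| vendor_debian | | 7.5 | LOW | |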
OSV
Dynamic modification of RPyC service due to missing security check
osv·2021-02-17·CVSS 7.5
CVE-2019-16328 [HIGH] Dynamic modification of RPyC service due to missing security check
### Impact
Version 4.1.0 of RPyC has a vulnerability that affects custom RPyC services making it susceptible to authenticated remote attacks.
### Patches
Git commits between September 2018 and October 2019 and version 4.1.0 are vulnerable. Use a version of RPyC that is not affected.
### Workarounds
The commit `d818ecc83a92548994db75a0e9c419c7bce680d6` could be used as a patch to add the missing access check.
### References
[CVE-2019-16328](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16328)
[RPyC Security Documentation](https://rpyc.readthedocs.io/en/latest/docs/security.html#security)
### For more information
If you have any questions or comments about this advisory:
* Open an issue using [GitHub](https://g
GHSA
Dynamic modification of RPyC service due to missing security check
ghsa·2021-02-17·CVSS 7.5
CVE-2019-16328 [HIGH] CWE-1321 Dynamic modification of RPyC service due to missing security check
OSV
Duplicate Advisory: Possible remote code execution via a remote procedure call
osv·2019-11-20
CVE-2019-16328 [HIGH] Duplicate Advisory: Possible remote code execution via a remote procedure call
Withdrawn: duplicate of GHSA-pj4g-4488-wmxm
## Original Description
In RPyC 4.1.x through 4.1.1, a remote attacker can dynamically modify object attributes to construct a remote procedure call that executes code for an RPyC service with default configuration settings.
OSV
CVE-2019-16328: In RPyC 4
osv·2019-10-03
In RPyC 4.1.x through 4.1.1, a remote attacker can dynamically modify object attributes to construct a remote procedure call that executes code for an RPyC service with default configuration settings.
Debian
CVE-2019-16328: rpyc - In RPyC 4.1.x through 4.1.1, a remote attacker can dynamically modify object att...
vendor_debian·2019·CVSS 7.5
CVE-2019-16328 [HIGH] CVE-2019-16328: rpyc - In RPyC 4.1.x through 4.1.1, a remote attacker can dynamically modify object att...
In RPyC 4.1.x through 4.1.1, a remote attacker can dynamically modify object attributes to construct a remote procedure call that executes code for an RPyC service with default configuration settings.
Scope: local
bookworm: resolved
forky: resolved
sid: resolved
trixie: resolved
No detection rules found.
No public exploits indexed.
CTF
20230206-DiceCTF2023-EN / README
ctf_writeups·2023
# DiceCTF 2023 Writeup - EN
## Preface:
We won second place 🥈 in this competition. The members' writeups are collected below so that we can exchange and learn with you. Interested masters are welcome to submit their resumes to `[email protected]`, and we will contact you in time.
## Pwn:
### Bop:
It's a simple stack pivot chall, but since seccomp is set, only open, read, and write are available.
However, libc's open actually uses openat syscall, so I can't use it.
You can run open via the syscall gadget. There was a "syscall; ret;" gadget, but I overlooked it, so I just used the syscall gadget.
In order to use the syscall gadget for ROP, the master canary of libc must be overwritten.
```python
from pwn import *

# p = process('bop')
p = remote('mc.ax', 30284)
pay = b'a
```
Bugzilla
CVE-2019-16328 python-rpyc: missing protocol security check leads remote procedure call that executes code for a RPyC service
bugzilla·2019-11-18·CVSS 7.5
CVE-2019-16328 [HIGH] CVE-2019-16328 python-rpyc: missing protocol security check leads remote procedure call that executes code for a RPyC service
In RPyC 4.1.x through 4.1.1, a remote attacker can dynamically modify object attributes to construct a remote procedure call that executes code for an RPyC service with default configuration settings.
Reference:
https://rpyc.readthedocs.io/en/latest/docs/security.html
Discussion:
Created python-rpyc tracking bugs for this issue:
Affects: fedora-all [bug 1773722]
---
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.
Bugzilla
CVE-2019-16328 python-rpyc: missing protocol security check leads remote procedure call that executes code for a RPyC service [fedora-all]
bugzilla·2019-11-18·CVSS 7.5
CVE-2019-16328 [HIGH] CVE-2019-16328 python-rpyc: missing protocol security check leads remote procedure call that executes code for a RPyC service [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit m
- http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00046.html
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00004.html
- https://github.com/tomerfiliba/rpyc
- https://rpyc.readthedocs.io/en/latest/docs/security.html
2019-10-03
Published