NASA-AMMOS / AIT-Core

MIT License

Multiple Local Code Executions (using Pickle) #529

Open nttoole opened 4 months ago

nttoole commented 4 months ago

AIT-Core extensively uses Pickle. As per the Python documentation, this library is insecure and allows bad actors to achieve Command Execution. One example is loading a leap seconds configuration file, part of the DMC module. According to the AIT-Core documentation, the ait.dmc module provides utilities to represent, translate, and manipulate time, building upon Python's datetime and timedelta data types. When the leapseconds.dat file is loaded, AIT-Core uses Pickle to process the file (see Figure 13).

Figure 13: AIT-Core processes the leapseconds.dat using Pickle.

If the bad actors can access the AIT-Core configuration file, they can change it to point to their malicious pickle file (see Figure 14), which will then be executed by the AIT-Core DMC module (see Figure 15).

Figure 14: Example of a malicious Pickle file.

Figure 15: AIT-Core DMC loads the malicious Pickle file.

Other areas where pickle is used and can lead to Local Command Execution are the following modules:

Recommendations

The pickle library is insecure and can lead to Command Execution vulnerabilities. Therefore, it should not be used, or the content of the loaded pickle files should be sanitised. This is just one example of how AIT-Core utilises the Pickle library, which we decided to use to demonstrate how it can be exploited.

PaulMRamirez commented 2 weeks ago

@nttoole I'm gathering there is a patch in progress to remove pickle usage. If we've stored files in the Pickle compressed format we should provide a script somewhere or commands on how to un "pickle" those files.
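One way such a conversion script could work, shown as an added example that is not part of the thread or of AIT-Core's code: it decodes a legacy pickle with an unpickler that resolves only allowlisted globals, then re-serialises the data as JSON. The names `AllowlistUnpickler` and `pickle_to_json` are hypothetical, and the example assumes the legacy files hold only plain containers, numbers, strings and datetime values.

```python
import datetime
import io
import json
import pickle

# Assumption: legacy files contain only plain containers, numbers, strings
# and datetime/timedelta objects. Any other global reference is refused.
ALLOWED_GLOBALS = {("datetime", "datetime"), ("datetime", "timedelta")}


class AllowlistUnpickler(pickle.Unpickler):
    """Unpickler that resolves only the globals named in ALLOWED_GLOBALS."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refused global {module}.{name}")


def _to_json(obj):
    """json.dumps fallback: datetimes become ISO 8601 strings."""
    if isinstance(obj, datetime.datetime):
        return obj.isoformat()
    if isinstance(obj, datetime.timedelta):
        return obj.total_seconds()
    raise TypeError(f"unsupported type {type(obj).__name__}")


def pickle_to_json(blob: bytes) -> str:
    """Decode a legacy pickle under the allowlist and return JSON text."""
    data = AllowlistUnpickler(io.BytesIO(blob)).load()
    return json.dumps(data, default=_to_json, sort_keys=True)


if __name__ == "__main__":
    # Constructed sample shaped like a leap seconds table (not AIT-Core's file).
    sample = {"leapseconds": [(datetime.datetime(2017, 1, 1), 18)]}
    print(pickle_to_json(pickle.dumps(sample)))
```

A file that references any global outside the allowlist fails with `pickle.UnpicklingError` instead of being imported, so it can be set aside for manual review rather than loaded.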

nttoole commented 2 weeks ago

@MJJoyce's command of choice:

 find . -name "*.pkl" -exec rm {} \;