#2015-011 PyAMF input sanitization errors (XXE)
Description:
PyAMF is a Python module that implements the Action Message Format (AMF)
protocol, allowing Flash interoperation with various web frameworks.
PyAMF suffers from insufficient AMF input payload sanitization which
results in the XML parser not preventing the processing of XML external
entities (XXE).
A specially crafted AMF payload, containing malicious references to XML
external entities, can be used to trigger Denial of Service (DoS)
conditions or arbitrarily return the contents of files that are accessible
with the running application privileges.
Affected version:
PyAMF <= 0.7.2
Fixed version:
PyAMF >= 0.8.0
Credit: vulnerability reported by Nicolas Grégoire <nicolas [dot] gregoire [at] agarri [dot] fr>
CVE:
CVE-2015-8549
Timeline:
2015-12-01: vulnerability report received
2015-12-02: contacted maintainer
2015-12-04: maintainer commits patch via public pull request
2015-12-12: reporter confirms patch
2015-12-14: contacted affected vendors
2015-12-14: assigned CVE
2015-12-17: advisory release
References:
https://github.com/hydralabs/pyamf/pull/58
Permalink:
http://www.ocert.org/advisories/ocert-2015-011.html
--
Daniele Bianco Open Source Computer Security Incident Response Team
<danbia () ocert org> http://www.ocert.org