virtualenv 16.0.0 Sandbox Escape

WARNING! Fake news / Disputed / BOGUS

virtualenv 16.0.0 Sandbox Escape

2018.10.05

Credit: vr_system

Risk: Medium

Local: Yes

Remote: No

CVE: CVE-2018-17793

CWE: CWE-254

CVSS Base Score: 10/10

Impact Subscore: 10/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Complete

Integrity impact: Complete

Availability impact: Complete

# Exploit Title: virtualenv 16.0.0 - Sandbox Escape
# Date: 2018-10-02
# Exploit Author: vr_system
# Vendor Homepage: https://virtualenv.pypa.io/en/stable/
# Software Link: https://virtualenv.pypa.io/en/stable/
# Version: 16.0.0
# Tested on: kali linux
# CVE : CVE-2018-17793
 
# 1 Install
# root@kali:~#pip install virtualenv
# root@kali:~#virtualenv test_env
# root@kali:~#cd test_env/
# root@kali:~/test_env#source ./bin/activate
 
# 2 Sandbox escape
 
(test_env) root@kali:~/test_env#python $(bash >&2)
(test_env) root@kali:~/test_env#python $(rbash >&2)

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

virtualenv 16.0.0 Sandbox Escape

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.