Found in a past security audit, agreed with Tristan to make public and file issues here.
Please see https://bugzilla.redhat.com/show_bug.cgi?id=1152544
So in src/netdetect.py and src/health_protocol.py we send and receive pickled
data, no authentication, so anyone with network access == code execution
Code, snipped, basically:
src/netdetect.py
def start_sync_bench_server():
'''Server is made for receiving keepalives and manage them.'''
''' Let's bind a server to the Multicast group '''
''' Let's get keepalives from servers '''
answer = cPickle.loads(sock.recv(10240))
def start_discovery_server():
'''Server is made for receiving keepalives and manage them.'''
''' Let's bind a server to the Multicast group '''
''' Until we got a synthesis list from another server '''
while not synthesis:
answer = {}
''' Let's get keepalives from servers '''
answer = cPickle.loads(sock.recv(10240))
def start_client(mode, max_clients=0):
''' While we are in discovery mode, let's send keepalives '''
while discovery:
sys.stderr.write("Sending keepalive for %s\n" % my_mac_addr)
sock.sendto(cPickle.dumps(host_info), (MCAST_GRP, MCAST_PORT))
sys.stderr.write("Sending Ready To Bench for %s\n" % my_mac_addr)
sock.sendto(cPickle.dumps(host_info), (MCAST_GRP, MCAST_PORT))
sys.stderr.write("Sending Go !\n")
sock.sendto(cPickle.dumps(host_info), (MCAST_GRP, MCAST_PORT_GO))
def scrub_timestamp():
'''Scrubing deletes server that didn't sent keepalive on time.'''
sock.sendto(cPickle.dumps(server_list),
(MCAST_GRP, MCAST_PORT))
sys.stderr.write("No remote system detected, exiting\n")
sock.sendto(cPickle.dumps(message),
(MCAST_GRP, MCAST_PORT))
''' It's time to send the synthesis to the other nodes '''
leader = True
sock.sendto(cPickle.dumps(server_list),
(MCAST_GRP, MCAST_PORT))
def wait_for_go():
global ready_to_bench
''' Let's bind a server to the Multicast group '''
''' Let's get keepalives from servers '''
answer = cPickle.loads(sock.recv(10240))
src/health_protocol.py
def start_sync_bench_server():
'''Server is made for receiving keepalives and manage them.'''
''' Let's bind a server to the Multicast group '''
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
''' Let's get keepalives from servers '''
answer = cPickle.loads(sock.recv(10240))
def start_discovery_server():
'''Server is made for receiving keepalives and manage them.'''
''' Let's bind a server to the Multicast group '''
''' Until we got a synthesis list from another server '''
while not synthesis:
answer = {}
''' Let's get keepalives from servers '''
answer = cPickle.loads(sock.recv(10240))
def start_client(mode, max_clients=0):
'''Client is made for generating keepalives.'''
''' Let's prepare the socket '''
''' While we are in discovery mode, let's send keepalives '''
while discovery:
sys.stderr.write("Sending keepalive for %s\n" % my_mac_addr)
sock.sendto(cPickle.dumps(host_info), (MCAST_GRP, MCAST_PORT))
while ready_to_bench:
sys.stderr.write("Sending Ready To Bench for %s\n" % my_mac_addr)
sock.sendto(cPickle.dumps(host_info), (MCAST_GRP, MCAST_PORT))
sys.stderr.write("Sending Go !\n")
sock.sendto(cPickle.dumps(host_info), (MCAST_GRP, MCAST_PORT_GO))
def scrub_timestamp():
'''Scrubing deletes server that didn't sent keepalive on time.'''
sock.sendto(cPickle.dumps(server_list),
sys.stderr.write("No remote system detected, exiting\n")
sock.sendto(cPickle.dumps(message),
''' It's time to send the synthesis to the other nodes '''
leader = True
sock.sendto(cPickle.dumps(server_list),
def wait_for_go():
global ready_to_bench
''' Let's bind a server to the Multicast group '''
''' Let's get keepalives from servers '''
answer = cPickle.loads(sock.recv(10240))
Found in a past security audit, agreed with Tristan to make public and file issues here.
Please see https://bugzilla.redhat.com/show_bug.cgi?id=1152544
So in src/netdetect.py and src/health_protocol.py we send and receive pickled
data, no authentication, so anyone with network access == code execution
Code, snipped, basically:
src/netdetect.py
def start_sync_bench_server():
'''Server is made for receiving keepalives and manage them.'''
''' Let's bind a server to the Multicast group '''
''' Let's get keepalives from servers '''
answer = cPickle.loads(sock.recv(10240))
def start_discovery_server():
'''Server is made for receiving keepalives and manage them.'''
''' Let's bind a server to the Multicast group '''
''' Until we got a synthesis list from another server '''
while not synthesis:
answer = {}
''' Let's get keepalives from servers '''
answer = cPickle.loads(sock.recv(10240))
def start_client(mode, max_clients=0):
''' While we are in discovery mode, let's send keepalives '''
while discovery:
sys.stderr.write("Sending keepalive for %s\n" % my_mac_addr)
sock.sendto(cPickle.dumps(host_info), (MCAST_GRP, MCAST_PORT))
def scrub_timestamp():
'''Scrubing deletes server that didn't sent keepalive on time.'''
sock.sendto(cPickle.dumps(server_list),
(MCAST_GRP, MCAST_PORT))
def wait_for_go():
global ready_to_bench
''' Let's bind a server to the Multicast group '''
''' Let's get keepalives from servers '''
answer = cPickle.loads(sock.recv(10240))
src/health_protocol.py
def start_sync_bench_server():
'''Server is made for receiving keepalives and manage them.'''
''' Let's bind a server to the Multicast group '''
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
''' Let's get keepalives from servers '''
answer = cPickle.loads(sock.recv(10240))
def start_discovery_server():
'''Server is made for receiving keepalives and manage them.'''
''' Let's bind a server to the Multicast group '''
''' Until we got a synthesis list from another server '''
while not synthesis:
answer = {}
''' Let's get keepalives from servers '''
answer = cPickle.loads(sock.recv(10240))
def start_client(mode, max_clients=0):
'''Client is made for generating keepalives.'''
''' Let's prepare the socket '''
''' While we are in discovery mode, let's send keepalives '''
while discovery:
sys.stderr.write("Sending keepalive for %s\n" % my_mac_addr)
sock.sendto(cPickle.dumps(host_info), (MCAST_GRP, MCAST_PORT))
def scrub_timestamp():
'''Scrubing deletes server that didn't sent keepalive on time.'''
sock.sendto(cPickle.dumps(server_list),
def wait_for_go():
global ready_to_bench
''' Let's bind a server to the Multicast group '''
''' Let's get keepalives from servers '''
answer = cPickle.loads(sock.recv(10240))