Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: Kyle Kelley <rgbkrk <at> gmail.com>
Subject: =?utf-8?q?Vulnerability_in_IPython_Notebook_?= =?utf-8?b?4omkIDEuMQ==?=
Newsgroups: gmane.comp.python.ipython.devel
Date: Sunday 13th July 2014 21:56:25 UTC (over 3 years ago)
Everyone,

On IPython ≤ 1.1, a remote site could have exploited a vulnerability in
cross origin websocket handling to execute code on an IPython kernel, with
knowledge of the kernel id (which requires user intervention).

This vulnerability was patched in
https://github.com/ipython/ipython/pull/4845
and reported to the CVE
(Common Vulnerabilities and Exposure) database.

Summary given to the CVE database: The origin of websocket requests was not
verified within the IPython notebook server. If an attacker has knowledge
of an IPython kernel id they can run arbitrary code on a user's machine
when the client visits a crafted malicious page.

The CVE ID is CVE-2014-342 (
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-342).

If you were at SciPy and watched the final round of lightning talks, you
already know about this vulnerability (as much as you can within a 5 minute
talk that is).

I wrote a more detailed explanation at
http://lambdaops.com/cross-origin-websocket-hijacking-of-ipython

Feel free to ask us (the IPython team) any questions!

Regards,

Kyle Kelley
 
CD: 3ms