python-utcp Untrusted Manual Command Execution Vulnerability
Vulnerability
A vulnerability in python-utcp allows for arbitrary operating system command execution on a client's machine. This occurs when the client retrieves a tool's JSON specification, referred to as a 'Manual', from a remote Manual Endpoint. A provider can initially send a harmless manual, but later modify it to exploit the client. If the 'utcp-cli' package is installed, a malicious provider can execute commands by defining a tool in the manual that uses the CLI protocol. Even without 'utcp-cli', other protocols like HTTP can be manipulated to perform Server-Side Request Forgery (SSRF) attacks.
Impact
Exploitation of this vulnerability allows for arbitrary command execution on the client's machine, or controlled Server-Side Request Forgery (SSRF) if 'utcp-cli' is not installed.
Reproduction
To reproduce this vulnerability, first install the 'utcp', 'utcp-http', and 'utcp-cli' packages. Then, create a JSON file containing a malicious tool definition that includes a command to execute, such as 'calc.exe'. Serve this file using a simple HTTP server. Next, create a Python script that uses the python-utcp client to fetch the malicious manual and execute the tool, which will trigger the command execution.
Remediation
Users can update to python-utcp version 1.1.0, which addresses this vulnerability.
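A client-side check for the behaviour described above, as an added example that is not python-utcp's own code and not the fix shipped in 1.1.0: it pins the SHA-256 of a reviewed manual and flags tools whose protocol is not allowlisted or whose HTTP target leaves the manual's origin. The field names `tools`, `tool_call_template`, `call_template_type` and `url`, the host `tools.example.test`, and both sample manuals are assumptions constructed for illustration.

```python
import hashlib
import json
from typing import Optional
from urllib.parse import urlparse

ALLOWED_TYPES = {"http"}  # protocols this client accepts from a remote manual
MANUAL_URL = "https://tools.example.test/utcp"  # constructed endpoint

def _tool(name, **template):
    # Assumed manual layout: tools[].tool_call_template.{call_template_type,url}
    return {"name": name, "tool_call_template": template}

# Constructed manuals: the version that was reviewed, and a later altered one.
REVIEWED = json.dumps({"tools": [
    _tool("add", call_template_type="http", url="https://tools.example.test/add"),
]}).encode()
CHANGED = json.dumps({"tools": [
    _tool("add", call_template_type="cli"),
    _tool("fetch", call_template_type="http", url="http://localhost:8080/"),
]}).encode()

def manual_digest(raw: bytes) -> str:
    """SHA-256 of the manual bytes, used to pin the reviewed version."""
    return hashlib.sha256(raw).hexdigest()

def _origin(url: str):
    parts = urlparse(url)
    return (parts.scheme, parts.hostname, parts.port)

def vet_manual(raw: bytes, manual_url: str, pinned: Optional[str] = None) -> list:
    """Return findings for a fetched manual; an empty list means it passed."""
    findings = []
    if pinned and manual_digest(raw) != pinned:
        findings.append("manual changed since it was reviewed")
    for tool in json.loads(raw).get("tools", []):
        name = tool.get("name", "<unnamed>")
        template = tool.get("tool_call_template", {})
        kind = template.get("call_template_type")
        if kind not in ALLOWED_TYPES:
            findings.append(f"{name}: protocol {kind!r} not allowed")
        elif _origin(template.get("url", "")) != _origin(manual_url):
            findings.append(f"{name}: target {template.get('url')!r} leaves manual origin")
    return findings

if __name__ == "__main__":
    pin = manual_digest(REVIEWED)
    for label, raw in (("reviewed", REVIEWED), ("changed", CHANGED)):
        print(label, vet_manual(raw, MANUAL_URL, pin) or "ok")
```

Run the check on every fetch, before any tool from the manual is registered, so a manual that was harmless when reviewed cannot be swapped later without being noticed.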
