tiny-rdm Pickle Decoding Remote Code Execution Vulnerability

A remote code execution vulnerability has been identified in tiny-rdm Tiny RDM versions through 1.2.5. The issue arises in the Pickle Decoding component, specifically within the function pickle.loads in the file pickle_convert.go. This vulnerability allows an attacker to exploit the deserialization of untrusted data, leading to arbitrary code execution on the user's machine. The exploitation requires a high level of complexity, but a public exploit is available.

Impact

Exploitation of this vulnerability allows for remote code execution on the user's machine, with the same privileges as the Tiny RDM desktop user.

Reproduction

To reproduce this vulnerability, first generate a malicious pickle payload that, when executed, touches a file on the Tiny RDM host. This can be done using a Python script that creates a pickle file with a payload designed to execute a command. Once the payload is prepared, it can be uploaded to a Redis server. After that, connect to the Redis instance using Tiny RDM, open the key containing the malicious payload, and select the option to decode the value with Pickle. This action will trigger the execution of the payload, demonstrating the vulnerability.

Remediation

It is recommended to require explicit opt-in for Pickle decoding, accompanied by a prominent warning, or to disable it entirely. If Pickle support must be maintained, the decoding process should be executed in a controlled environment, such as a container with restricted permissions, and using a parser that validates the data schema instead of relying on pickle.loads.