Fugue Remote Code Execution Vulnerability via Unsafe Pickle Deserialization in FlaskRPCServer

Vulnerability

A remote code execution vulnerability exists in the Fugue framework's RPC server implementation, specifically in versions through 0.9.1. The vulnerability arises from the _decode() function in fugue/rpc/flask.py, which uses cloudpickle.loads() to deserialize data without proper sanitization. This flaw allows clients to send arbitrary serialized Python objects that, when deserialized on the server side, can execute malicious code on the victim's machine. The issue is particularly concerning when the RPC server is bound to an open network, as it exposes the vulnerability to potential exploitation by attackers.

Impact

Exploitation of this vulnerability allows for remote code execution on the victim's machine. Once the RPC server is started and network-bound, an attacker can gain arbitrary code execution by sending crafted pickle payloads. This could lead to complete system compromise, data exfiltration, lateral movement within the network, denial-of-service attacks, or the installation of persistent backdoors.

Reproduction

To reproduce this vulnerability, start an RPC server using the Fugue framework, binding it to an open network. Then, modify the _encode() function in fugue/rpc/flask.py to inject malicious pickle data. After replacing the original flask.py with the modified version, use the RPC client to send a request containing the crafted pickle payload. The malicious code will be executed on the server side, demonstrating the remote code execution vulnerability.

Remediation

Users are advised to update to Fugue version 0.9.2 or later, where this vulnerability has been patched. Additionally, replace unsafe deserialization methods with safer alternatives, such as JSON serialization for simple data or Protocol Buffers for complex structures. If pickle must be used, implement a custom Unpickler that only allows whitelisted classes. For services intended for internal use, bind to localhost instead of an open network, and consider adding authentication and authorization mechanisms.
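The following is an added example of the restricted-Unpickler mitigation described above; it is not Fugue's code and is not the patch shipped in 0.9.2. It subclasses the standard-library pickle.Unpickler and overrides find_class so that only globals on an explicit allow-list (here, an assumed set of container types the RPC layer needs) can be resolved; any other module/name reference is rejected before the object is reconstructed, which is the point at which pickle would otherwise run attacker-chosen callables. The datetime object used to show a rejection is a benign stand-in for any global not on the list.

```python
import datetime
import io
import pickle
from collections import OrderedDict

# Assumed allow-list of (module, qualname) pairs the server is willing to
# reconstruct. Anything not listed is refused before it is instantiated.
ALLOWED_GLOBALS = {
    ("builtins", "set"),
    ("builtins", "frozenset"),
    ("collections", "OrderedDict"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that only resolves globals on ALLOWED_GLOBALS.

    pickle calls find_class() for every GLOBAL / STACK_GLOBAL opcode in the
    stream; raising here stops the load before any callable is invoked.
    """

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(
            f"refusing to resolve {module}.{name}: not on the allow-list"
        )


def safe_loads(data: bytes):
    """Drop-in replacement for pickle.loads() that enforces the allow-list."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def can_load(data: bytes) -> bool:
    """True if the stream deserializes under the allow-list, False if refused."""
    try:
        safe_loads(data)
        return True
    except pickle.UnpicklingError:
        return False


def demo():
    # Constructed sample payloads: a plain container (no globals needed beyond
    # OrderedDict, which is allowed) and a datetime.date, whose pickle
    # references datetime.date, a global that is not on the allow-list.
    allowed_payload = pickle.dumps({"a": [1, 2], "b": OrderedDict(x=1)})
    refused_payload = pickle.dumps(datetime.date(2025, 11, 25))
    return safe_loads(allowed_payload), can_load(refused_payload)


if __name__ == "__main__":
    loaded, refused_ok = demo()
    print("loaded:", loaded)
    print("disallowed global refused:", not refused_ok)
```

Note that the allow-list is only as safe as its entries: any class whose constructor or __setstate__ has side effects must stay off it, and the list should be reviewed whenever the set of RPC message types changes. For the simple request/response data most RPC calls carry, the JSON route mentioned above avoids the problem entirely.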

Added: Nov 25, 2025, 10:18 PM
Updated: Nov 25, 2025, 10:18 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 8.7
remediation: 0.0
relevance: 1.1
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.