[IPython-dev] Vulnerability in IPython Notebook ≤ 1.1

Kyle Kelley rgbkrk at gmail.com
Sun Jul 13 17:56:25 EDT 2014


Everyone,

On IPython ≤ 1.1, a remote site could have exploited a vulnerability in
cross origin websocket handling to execute code on an IPython kernel, with
knowledge of the kernel id (which requires user intervention).

This vulnerability was patched in
https://github.com/ipython/ipython/pull/4845 and reported to the CVE
(Common Vulnerabilities and Exposures) database.

Summary given to the CVE database: The origin of websocket requests was not
verified within the IPython notebook server. If an attacker has knowledge
of an IPython kernel id they can run arbitrary code on a user's machine
when the client visits a crafted malicious page.

The CVE ID is CVE-2014-342 (
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-342).

If you were at SciPy and watched the final round of lightning talks, you
already know about this vulnerability (as much as you can within a 5-minute
talk, that is).

I wrote a more detailed explanation at
http://lambdaops.com/cross-origin-websocket-hijacking-of-ipython

Feel free to ask us (the IPython team) any questions!

Regards,

Kyle Kelley
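
The check the CVE summary says was missing, as an added example (not the code from pull request 4845 and not IPython's own): a same-origin test on the WebSocket handshake headers, run before the connection is upgraded. The function names, parameters and sample hosts are assumptions made for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def _triple(url):
    """Parse a URL into a comparable (scheme, host, port) triple, or None if malformed."""
    try:
        parts = urlsplit(url)
        if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
            return None  # covers "null", file://, and empty or host-less values
        # .port raises ValueError for junk such as "8888.evil.example"
        return (parts.scheme, parts.hostname, parts.port or DEFAULT_PORTS[parts.scheme])
    except ValueError:
        return None


def origin_allowed(headers, server_scheme="http", extra_origins=(), allow_missing=False):
    """Decide whether a WebSocket handshake may proceed.

    headers       -- dict holding the handshake's "Host" and "Origin" values
                     (assumed already canonicalised to these key names)
    server_scheme -- scheme the server is actually served over
    extra_origins -- explicitly trusted origins, e.g. a front-end on another host
    allow_missing -- browsers always send Origin on a WebSocket handshake, so a
                     missing header means a non-browser client; rejected by default
    """
    origin = headers.get("Origin")
    if origin is None:
        return allow_missing
    requested = _triple(origin)
    if requested is None:
        return False
    served = _triple(server_scheme + "://" + headers.get("Host", ""))
    allowed = {_triple(o) for o in extra_origins} | {served}
    allowed.discard(None)
    # Exact comparison of scheme, host and port: no substring or prefix matching
    return requested in allowed


if __name__ == "__main__":
    # Constructed handshake headers for a notebook server on localhost:8888
    for origin in ("http://localhost:8888", "http://evil.example", "null"):
        hs = {"Host": "localhost:8888", "Origin": origin}
        print(origin, "->", "accept" if origin_allowed(hs) else "reject (403)")
```

With a check like this in place, knowing a kernel id is no longer enough for a page on another origin to open the socket from the user's browser.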