CVE-2024-35059
📋 TL;DR
This vulnerability in NASA AIT-Core's Python Pickle library allows attackers to execute arbitrary code through deserialization of untrusted data. It affects NASA AIT-Core v2.5.2 users who process untrusted Pickle data. Attackers can achieve remote code execution via man-in-the-middle attacks or by supplying malicious Pickle data.
💻 Affected Systems
- NASA AIT-Core
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with attacker gaining complete control over the affected system, potentially leading to data theft, lateral movement, and persistent backdoors.
Likely Case
Remote code execution allowing attackers to run arbitrary commands on the vulnerable system, potentially leading to data exfiltration or service disruption.
If Mitigated
Limited impact with proper input validation and network segmentation preventing exploitation attempts.
🎯 Exploit Status
Exploitation requires the ability to supply malicious Pickle data to the vulnerable component, which can be achieved through various attack vectors.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v2.5.3 or later
Vendor Advisory: https://github.com/advisories/GHSA-jqff-8g2v-642h
Restart Required: Yes
Instructions:
1. Check current AIT-Core version
2. Update to v2.5.3 or later via pip: pip install --upgrade ait-core
3. Restart all services using AIT-Core
4. Verify the update was successful
🔧 Temporary Workarounds
Input Validation for Pickle Data
Implement strict input validation to reject untrusted Pickle data before deserialization (all platforms)
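# Python code snippet to validate pickle sources
import pickle

def is_trusted_source(source, trusted_sources):
    # Hypothetical helper: accept only origins on an explicit allow-list
    return source in trusted_sources

def safe_load(pickle_data, source, trusted_sources):
    # Refuse to deserialize data whose origin is not on the allow-list
    if not is_trusted_source(source, trusted_sources):
        raise ValueError('Untrusted pickle data')
    return pickle.loads(pickle_data)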
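A source allow-list alone does not stop data altered in transit, which is the man-in-the-middle case described above. The following added example (not AIT-Core code and not the v2.5.3 fix) authenticates the bytes with an HMAC before unpickling and restricts which globals the unpickler may resolve. It assumes a shared key provisioned out of band; the names `seal`, `safe_loads` and `ALLOWED_GLOBALS` are hypothetical.

```python
# Added example: authenticate pickle bytes with an HMAC before deserializing.
import hashlib
import hmac
import io
import pickle

TAG_LEN = hashlib.sha256().digest_size  # 32-byte HMAC-SHA256 tag

# Assumption: the only globals that legitimate payloads need to resolve.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}


class RestrictedUnpickler(pickle.Unpickler):
    """Refuse to resolve any global that is not explicitly allow-listed."""

    def find_class(self, module, name):
        if (module, name) not in ALLOWED_GLOBALS:
            raise pickle.UnpicklingError(f"blocked global {module}.{name}")
        return super().find_class(module, name)


def seal(obj, key):
    """Sender side: return tag || pickle so the receiver can verify origin."""
    payload = pickle.dumps(obj, protocol=4)
    return hmac.new(key, payload, hashlib.sha256).digest() + payload


def safe_loads(blob, key):
    """Receiver side: verify the tag first, then unpickle with the allow-list."""
    if len(blob) <= TAG_LEN:
        raise ValueError("blob too short to carry a tag")
    tag, payload = blob[:TAG_LEN], blob[TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    # Constant-time comparison; nothing is unpickled unless the tag matches.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("HMAC mismatch: refusing to unpickle")
    return RestrictedUnpickler(io.BytesIO(payload)).load()
```

The tag check rejects modified or unauthenticated bytes before the unpickler ever runs, and the allow-list limits what an authenticated but unexpected payload can reference.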
Network Segmentation
Isolate systems using the vulnerable AIT-Core version from untrusted networks (Linux)
# Example firewall rule to restrict access
iptables -A INPUT -p tcp --dport <ait_port> -s <trusted_network> -j ACCEPT
iptables -A INPUT -p tcp --dport <ait_port> -j DROP
🧯 If You Can't Patch
- Implement strict network access controls to limit exposure to trusted sources only
- Monitor for suspicious pickle deserialization attempts and implement application-level logging
🔍 How to Verify
Check if Vulnerable:
Check the installed AIT-Core version: python -c "import ait; print(ait.__version__)" and verify if it's v2.5.2
Check Version:
python -c "import ait; print(ait.__version__)"
Verify Fix Applied:
After updating, verify version is v2.5.3 or later: python -c "import ait; print(ait.__version__)"
📡 Detection & Monitoring
Log Indicators:
- Unexpected pickle deserialization errors
- Unusual process execution from AIT-Core context
- Network connections from AIT-Core to unexpected destinations
Network Indicators:
- Unusual pickle data transmission to AIT-Core services
- Man-in-the-middle attack patterns on AIT-Core network traffic
SIEM Query:
source="ait-core.log" AND ("pickle.loads" OR "deserialization" OR "untrusted data")