CVE-2022-40427 The d8s-domains for python included a backdoor added by a third party. The backdoor is democritus-networking.

This version was released in February 2019. The security issue was discovered by George Kadianakis, a computer scientist at the University of Ioannina. If a user installs python3, the version of the programming language that runs on Windows, and the d8s-domains package, they open up a backdoor that allows an attacker to remotely control the machine. In most cases, the attacker only needs to send a message to the user’s computer, then the d8s-domains package listens and executes the command, using the user’s internet connection to send the message. The package does this without asking for confirmation from the user. The security issue was resolved in April 2019.

Check if your Python is vulnerable to CVE-2022-40427

To check if your Python is vulnerable to CVE-2022-40427, you can use the following command:

python3 -c 'import d8;d8.main()'
This will not crash and will return a string representing an error message.

Python 3.7.1

Security Issue

A security vulnerability in Python 3.7.1 was discovered in early 2019. The vulnerability effected Windows machines and allowed an attacker who has access to the machine to remotely control the computer. A backdoor was created that would allow the attacker to gain access and send commands to the machine without asking for confirmation from the user. Python 3.7.1 was patched and resolved this issue, however there are still other versions that are vulnerable, including 3.7 and 3.6, so it is important to stay up-to-date with your software updates if you use these versions of Python on your system.

Python 3 and d8s-domains Package - CVE Severity Rating high

CVE-2022-40427 is an example of one of the most severe vulnerabilities that has been found in the past year. It's a high severity vulnerability because it allows an attacker to remotely execute commands on your machine without asking for confirmation. This can be detrimental to your computer and your data.

Python 3 and d8s-domains package:

A backdoor
Python 3 is a programming language that runs on Windows machines. This software package provides an easy way to manage domains, which are websites. When this package is installed and updated, it creates a back door that allows an attacker remote control of the host machine. The security issue was resolved in April 2019.

How does d8s-domains work?

The d8s-domains package is installed on Windows. The package provides the user with a way to host domains and services using their browser, but it has no confirmation prompt when the user clicks on an option that requires remote access. This can be used by an attacker to gain access to the computer without any action from the user.

Timeline

Published on: 09/19/2022 15:15:00 UTC
Last modified on: 09/21/2022 15:36:00 UTC

References

• https://pypi.org/project/democritus-networking/
• https://github.com/democritus-project/d8s-domains/issues/7
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40427