Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200509-09] Py2Play: Remote execution of arbitrary Python code Vulnerability Scan
Vulnerability Scan Summary
Py2Play: Remote execution of arbitrary Python code
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200509-09 (Py2Play: Remote execution of arbitrary Python code).

Arc Riley discovered that Py2Play uses Python pickles to send objects over a peer-to-peer game network, and that clients accept without restriction the objects and code sent by peers.

A remote attacker participating in a Py2Play-powered game can send malicious Python pickles, resulting in the execution of arbitrary Python code on the targeted game client.

There is no known workaround at this time.

The Py2Play package has been hard-masked prior to complete removal from Portage, and current users are advised to unmerge the package:

    # emerge --unmerge dev-python/py2play

Threat Level: High