Full Report
VM2 is a sandbox for NodeJs. The idea is that untrusted code can be executed within this context without anything sensitive being stolen or important items altered. Being able to escape the sandbox would be terrible for the system. Host exceptions may leak host objects in the sandbox. In order to prevent this from happening, code is preprocessed to instrument sanitizer for function calls. The identifier of the name catch clause has post processing in order to replace $tmpname with the actual value in a catch clause. This post processing allows a user to bypass the handleException() processing as a result of this. Now, an attacker can use any method to raise a host exception. Then, using the context of the host, access objects higher in the hierarchy to get code execution outside the sandbox. Overall, a straight forward sandbox escape by getting access to higher level objects. It's interesting how similar this is to Oxides sandbox escape 3 months ago.
Analysis Summary
# Vulnerability: vm2 Sandbox Escape via Exception Sanitization Bypass
## CVE Details
- CVE ID: Not explicitly provided in the summary.
- CVSS Score: Not explicitly provided in the summary.
- CWE: CWE-264 (Permissions, Privileges, and Access Controls - *Inferred: Bypass of sandbox security mechanism*)
## Affected Systems
- Products: vm2
- Versions: Versions up to and including 3.9.15
- Configurations: Any configuration using the vulnerable versions of vm2 to execute untrusted code in a sandbox environment.
## Vulnerability Description
The vulnerability resides in the source code transformer and exception sanitization logic within `vm2`. The library attempts to sanitize functions calls and specifically handles `catch` clause identifiers based on internal temporary names (like `$tmpname`) to prevent host objects from being leaked when a host exception occurs.
However, the post-processing step that replaces the internal placeholder `$tmpname` with the actual catch clause identifier *bypasses* the intended security check performed by `handleException()`. An attacker can exploit this by structuring their code to raise a host exception (e.g., leveraging internal mechanism like `prepareStackTrace`). Once a host exception is raised, the attacker can utilize the context of the host exception, access higher-level objects (like the host `Function` constructor), and ultimately achieve code execution outside of the intended Node.js sandbox.
## Exploitation
- Status: PoC available (Demonstrated via the provided code snippet proving RCE).
- Complexity: Likely Low to Medium, as it relies on specific code patterns to trigger the flawed post-processing logic followed by controlled exception raising.
- Attack Vector: Execution of malicious code within the sandbox environment (likely Local or Indirect Network access depending on how the untrusted code is injected).
## Impact
- Confidentiality: High (Access to host system information and secrets).
- Integrity: High (Ability to alter host system files and state, demonstrated by creating the 'pwned' file).
- Availability: High (Potential denial of service or system takeover).
## Remediation
### Patches
- The advisory implies a fix is available in versions subsequent to 3.9.15. Users should upgrade to the latest stable version of `vm2`. *(Note: A specific patched version number is not provided in the source text, but context suggests upgrading resolves the issue.)*
### Workarounds
- No specific vendor-provided workarounds were mentioned, but the core issue is the faulty `$tmpname` replacement in catch clauses. Any custom pre-processing or strict validation of sandboxed code that might prevent the structure causing the bypass could serve as a temporary measure, though upgrading is strongly recommended.
## Detection
- Indicators of Compromise: Unexpected file system modifications (e.g., file creation like 'pwned'), unusual external process execution originating from the application hosting the sandbox.
- Detection methods and tools: Monitoring calls to sensitive host APIs (`child_process`, `fs`, `require`) originating from within the execution context of `vm2`; static analysis of user-supplied code targeting exception handling structures.
## References
- Vendor advisories: Linked to GitHub Gist detailing the exploit for [email protected].
- Relevant links - defanged: `github dot com/patriksimek/vm2/blob/3.9.15/lib/transformer.js` (Referenced lines 49, 108, 137, 189)