Just ran a security audit of my OPNsense installation and noticed that there is an (R?)CE vuln in PyYAML with a 9.8 CVSS.
Does it actually affect OPNsense as long as one doesn't open YAML files from untrusted sources? IMHO one would need to be tricked into opening a crafted YAML file.
From what I can see, the automatic downloads like Suricata rules and Unbound blocklists are not in YAML format. I.e. no potentially crafted files should be parsed.
Any feedback is much appreciated.
AFAIK there is not a single yaml file on OPNsense. From my knowledge, OPNsense parses:
* Plaintext
* CSV
* JSON
* XML
So my guess is that it is pulled in by a 3rd party library (no direct dependency of OPNsense) or you have installed it manually.
```
# pkg info -r py37-yaml
py37-yaml-5.4.1:
	suricata-devel-6.0.2_1
```
Suricata uses yaml configuration files that OPNsense writes. It is, however, unlikely to be exploited due to "when it processes untrusted YAML files" unless the attacker has root access to your system in which case the point is moot anyway.
Cheers,
Franco
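A check that follows from Franco's answer: once you know which package pulls in PyYAML, the remaining question is whether any Python code on the box feeds YAML to a loader that constructs arbitrary objects from tags. This is an added example, not OPNsense or PyYAML code; the sample source it scans is constructed, and the loader and function names are assumed from PyYAML's public API.

```python
import ast

# PyYAML entry points whose default loader honours object-constructing tags
# (assumption: names taken from PyYAML's public API).
UNSAFE_FUNCS = {"load", "load_all", "full_load", "full_load_all",
                "unsafe_load", "unsafe_load_all"}
# Loaders that only build plain data (str/int/list/dict) from a document.
SAFE_LOADERS = {"SafeLoader", "CSafeLoader", "BaseLoader"}


def _loader_name(call):
    """Return the loader passed as Loader=... or 2nd positional arg, else None."""
    node = None
    for kw in call.keywords:
        if kw.arg == "Loader":
            node = kw.value
    if node is None and len(call.args) >= 2:
        node = call.args[1]
    if isinstance(node, ast.Attribute):
        return node.attr          # yaml.SafeLoader -> "SafeLoader"
    if isinstance(node, ast.Name):
        return node.id            # SafeLoader (imported name)
    return None


def find_unsafe_yaml_loads(source, filename="<string>"):
    """Return (lineno, description) for every yaml.<func>() call that is not
    pinned to a safe loader. Only the `yaml.` attribute form is matched."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        if not (isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name)
                and func.value.id == "yaml" and func.attr in UNSAFE_FUNCS):
            continue
        loader = _loader_name(node)
        # yaml.load()/load_all() with an explicit safe loader is the fixed form.
        if func.attr in {"load", "load_all"} and loader in SAFE_LOADERS:
            continue
        findings.append((node.lineno, f"yaml.{func.attr}(Loader={loader})"))
    return findings


# Constructed sample source, standing in for a file found on the system.
SAMPLE = """\
import yaml
cfg = yaml.safe_load(open("suricata.yaml"))       # safe: plain data only
rules = yaml.load(text, Loader=yaml.SafeLoader)    # safe: explicit loader
meta = yaml.load(text)                             # default loader: flag
extra = yaml.full_load(text)                       # FullLoader: flag
raw = yaml.load(text, Loader=yaml.FullLoader)      # FullLoader: flag
also = yaml.load(text, yaml.CSafeLoader)           # safe: positional loader
"""
```

Run `find_unsafe_yaml_loads(open(path).read(), path)` over the site-packages of the interpreter that owns the vulnerable `py37-yaml`; an empty result for every file means nothing on the box parses YAML with an object-constructing loader, regardless of where the YAML comes from.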
@franco: Many thanks for your reply. This is what I guessed and hoped for.