Exploit
CVE-2024-6868

Improper Input Validation (CWE-20)

Published: Oct 29, 2024 / Updated: 21d ago

010
CVSS 9.8EPSS 0.04%Critical
CVE info copied to clipboard

Summary

A vulnerability in mudler/LocalAI version 2.17.1 allows for arbitrary file write due to improper handling of automatic archive extraction. When model configurations specify additional files as archives (e.g., .tar), these archives are automatically extracted after downloading. This behavior can be exploited to perform a 'tarslip' attack, allowing files to be written to arbitrary locations on the server, bypassing checks that normally restrict files to the models directory.

Impact

This vulnerability can lead to remote code execution (RCE) by overwriting backend assets used by the server. The potential impacts are severe, as it allows attackers to write files to arbitrary locations on the server, potentially compromising the entire system. This could result in unauthorized access, data breaches, system manipulation, and complete compromise of the LocalAI application and possibly the underlying server.

Exploitation

One proof-of-concept exploit is available on huntr.com. There is no evidence of proof of exploitation at the moment.

Patch

A patch is available. The vulnerability has been addressed in a commit on GitHub, specifically at https://github.com/mudler/localai/commit/a181dd0ebc5d3092fc50f61674d552604fe8ef9c. The patch was added on 2024-11-13.

Mitigation

1. Immediate patching: Update mudler/LocalAI to a version newer than 2.17.1 that includes the security fix. 2. Access control: Restrict network access to the LocalAI server to trusted sources only. 3. Input validation: Implement strict validation for any user-supplied input, especially for model configurations and archive files. 4. Monitoring: Implement robust logging and monitoring to detect any suspicious file system activities or unexpected file creations. 5. Principle of least privilege: Ensure the LocalAI application runs with minimal necessary permissions to limit potential damage in case of exploitation. 6. Regular security audits: Conduct frequent security reviews of the LocalAI deployment and its configurations.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Timeline

CVE Assignment

NVD published the first details for CVE-2024-6868

Oct 29, 2024 at 1:15 PM
First Article

Feedly found the first article mentioning CVE-2024-6868. See article

Oct 29, 2024 at 1:21 PM / National Vulnerability Database
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Oct 29, 2024 at 1:22 PM
EPSS

EPSS Score was set to: 0.04% (Percentile: 9.9%)

Oct 30, 2024 at 10:18 AM
CVSS

A CVSS base score of 9.8 has been assigned.

Nov 13, 2024 at 2:45 PM / nvd
Proof of Concept (PoC) Released

A proof of concept exploit has been released

Nov 13, 2024 at 4:10 PM
Static CVE Timeline Graph

Affected Systems

Mudler/localai
+null more

Exploits

https://huntr.com/bounties/752d2376-2d9a-4e17-b462-3c267f9dd229
+null more

Patches

github.com
+null more

Links to Mitre Att&cks

T1562.003: Impair Command History Logging
+null more

Attack Patterns

CAPEC-10: Buffer Overflow via Environment Variables
+null more

News

CVE-2024-6868 Exploit
CVE Id : CVE-2024-6868 Published Date: 2024-11-13T14:43:00+00:00 mudler/LocalAI version 2.17.1 allows for arbitrary file write due to improper handling of automatic archive extraction. When model configurations specify additional files as archives (e.g., .tar), these archives are automatically extracted after downloading. This behavior can be exploited to perform a 'tarslip' attack, allowing files to be written to arbitrary locations on the server, bypassing checks that normally restrict files to the models directory. This vulnerability can lead to remote code execution (RCE) by overwriting backend assets used by the server. inTheWild added a link to an exploit: https://huntr.com/bounties/752d2376-2d9a-4e17-b462-3c267f9dd229
NA - CVE-2024-6868 - mudler/LocalAI version 2.17.1 allows for...
mudler/LocalAI version 2.17.1 allows for arbitrary file write due to improper handling of automatic archive extraction. When model configurations specify additional files as archives (e.g., .tar),...
CVE-2024-6868 | mudler LocalAI up to 2.18.0 Automatic Archive Extraction input validation
A vulnerability, which was classified as problematic , was found in mudler LocalAI up to 2.18.0 . This affects an unknown part of the component Automatic Archive Extraction . The manipulation leads to improper input validation. This vulnerability is uniquely identified as CVE-2024-6868 . It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
CVE-2024-6868 - Mudler LocalAI File Write Arbitrary File Write
CVE ID : CVE-2024-6868 Published : Oct. 29, 2024, 1:15 p.m. 52 minutes ago Description : mudler/LocalAI version 2.17.1 allows for arbitrary file write due to improper handling of automatic archive extraction. When model configurations specify additional files as archives (e.g., .tar), these archives are automatically extracted after downloading. This behavior can be exploited to perform a 'tarslip' attack, allowing files to be written to arbitrary locations on the server, bypassing checks that normally restrict files to the models directory. This vulnerability can lead to remote code execution (RCE) by overwriting backend assets used by the server.
CVE-2024-6868
mudler/LocalAI version 2.17.1 allows for arbitrary file write due to improper handling of automatic archive extraction. When model configurations specify additional files as archives (e.g., .tar), these archives are automatically extracted after downloading. This behavior can be exploited to perform a 'tarslip' attack, allowing files to be written to arbitrary locations on the server, bypassing checks that normally restrict files to the models directory. This vulnerability can lead to remote code execution (RCE) by overwriting backend assets used by the server.
See 3 more articles and social media posts

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:None
User Interaction:None
Scope:Unchanged
Confidentiality:High
Integrity:High
Availability Impact:High

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI