- Cybersecurity researchers identified CVE-2024-37032, nicknamed Probllama, in Ollama AI infrastructure.
- Vulnerability allowed remote code execution via path traversal in the “/api/pull” endpoint.
- Issue was promptly patched in version 0.1.34 after responsible disclosure in May 2024.
- Docker deployments particularly vulnerable due to public exposure of API server with root privileges.
- Recommendations include implementing authentication and reverse proxies for enhanced security.
Main AI News:
In a recent discovery, cybersecurity researchers have unearthed a critical vulnerability within the Ollama open-source artificial intelligence (AI) infrastructure platform. Dubbed CVE-2024-37032 and nicknamed Probllama by cloud security firm Wiz, this flaw has now been patched following responsible disclosure on May 5, 2024. The issue was promptly addressed in version 0.1.34, released just two days later on May 7, 2024.
Ollama serves as a robust service for packaging and deploying large language models (LLMs) on Windows, Linux, and macOS devices. The vulnerability stemmed from insufficient input validation, resulting in a path traversal flaw. Exploitation of this flaw could potentially allow attackers to overwrite arbitrary files on the server and achieve remote code execution.
The vulnerability exploits the “/api/pull” API endpoint, crucial for model downloads, by inserting a malicious model manifest file with a path traversal payload in the digest field. This manipulation not only compromises system files but also permits the execution of unauthorized code by altering critical configuration files such as “etc/ld.so.preload.”
While the risk is mitigated on default Linux installations where the API server binds to localhost, Docker deployments are particularly vulnerable. In Docker setups, where the API server is often publicly exposed and runs with root privileges, the vulnerability becomes exploitable remotely.
Security researcher Sagi Tzadik emphasized the severity of this issue, especially in Docker environments, highlighting the critical need for heightened security measures such as authentication middleware and reverse proxies to safeguard against unauthorized access.
This discovery underscores ongoing challenges in securing modern AI infrastructure against classic vulnerabilities like path traversal, despite advancements in programming practices and language frameworks.
Conclusion:
This discovery of the CVE-2024-37032 vulnerability in Ollama AI infrastructure highlights significant security risks in modern AI deployments. The ability for remote code execution via path traversal underscores the critical need for robust security measures across AI platforms, especially in Docker environments. As organizations increasingly rely on AI for mission-critical operations, ensuring rigorous security protocols will be essential to mitigate potential vulnerabilities and safeguard sensitive data and operations.
