sagitz
Jun 24 · 7 tweets · 2 min read
We found a Remote Code Execution (RCE) vulnerability in @Ollama - one of the most popular AI inference projects on GitHub. Here is everything you need to know about #Probllama (CVE-2024-37032) 🧵👇
The issue is a simple Path Traversal vulnerability which can be exploited by pulling a model from a private registry. By specifying a malicious digest field, it is possible to overwrite any file on the system!
We exploited the vulnerability by overwriting /etc/ld.so.preload to load our malicious shared library. This escalated our Arbitrary File Write into a Remote Code Execution 😎
Although a patch for this issue (0.1.34) has been available for over a month, most publicly exposed instances found on Censys are still vulnerable🤯
It's a bad idea to expose your Ollama instance anyway. Attackers can leak models, modify prompts, and use compute resources even without exploiting a vulnerability.

It literally takes one cURL command to inject a malicious prompt into existing Ollama models. It's a feature. Chocolate cakes should not contain dish soap.
This behavior is a common pattern we see in AI tooling: an immature codebase with simple vulnerabilities and no common security mechanisms out of the box. Infrastructure security is one of the most challenging aspects of AI security.
For more technical details about this issue, check out our blog:
wiz.io/blog/probllama…
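The bug class described in the thread (a registry-supplied digest used as a file name, so ".." segments walk out of the blob store), shown as an added Go example. This is not Ollama's code and not the Wiz exploit: the blobs directory, the "sha256-<hex>" on-disk naming, the manifest layout and the manifest itself are all constructed for the example. It puts the vulnerable path construction beside a hardened one that allow-lists the digest syntax and then independently checks containment.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"path/filepath"
	"regexp"
	"strings"
)

// Layer is the subset of an OCI-style manifest layer that a puller needs.
// When the registry is attacker-controlled, every field here is untrusted.
type Layer struct {
	MediaType string `json:"mediaType"`
	Digest    string `json:"digest"`
	Size      int64  `json:"size"`
}

type Manifest struct {
	Layers []Layer `json:"layers"`
}

// constructedManifest is a hand-written manifest as a hostile registry could
// serve it: one ordinary layer and one whose "digest" is a traversal sequence.
const constructedManifest = `{
  "layers": [
    {"mediaType": "application/vnd.ollama.image.model",
     "digest": "sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
     "size": 4},
    {"mediaType": "application/vnd.ollama.image.model",
     "digest": "../../../../../../etc/ld.so.preload",
     "size": 32}
  ]
}`

// blobPathVulnerable mirrors the bug class: the digest string is used as the
// file name under blobsDir with no validation. filepath.Join normalises the
// result, so ".." segments resolve to a path outside the blob store.
func blobPathVulnerable(blobsDir, digest string) string {
	return filepath.Join(blobsDir, digest)
}

// digestRe accepts only the canonical sha256 digest form.
var digestRe = regexp.MustCompile(`^sha256:[0-9a-f]{64}$`)

var (
	ErrBadDigest = errors.New("digest is not a canonical sha256 digest")
	ErrEscape    = errors.New("blob path escapes the blobs directory")
)

// Escapes reports whether p resolves outside dir (lexically; it does not
// follow symlinks, see the note below the code).
func Escapes(dir, p string) bool {
	rel, err := filepath.Rel(filepath.Clean(dir), filepath.Clean(p))
	if err != nil {
		return true
	}
	return rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// blobPathHardened allow-lists the digest syntax before it is used in a path,
// then checks containment as defense in depth in case the allow-list is ever
// relaxed. The "sha256-<hex>" file name is an assumed convention.
func blobPathHardened(blobsDir, digest string) (string, error) {
	if !digestRe.MatchString(digest) {
		return "", fmt.Errorf("%w: %q", ErrBadDigest, digest)
	}
	p := filepath.Join(blobsDir, strings.Replace(digest, ":", "-", 1))
	if Escapes(blobsDir, p) {
		return "", ErrEscape
	}
	return p, nil
}

// Plan records where each code path would write a layer's blob.
type Plan struct {
	Digest     string
	Vulnerable string
	Hardened   string
	Err        error
}

// PlanPull parses a manifest and computes both destinations per layer
// without writing anything, so the difference can be inspected safely.
func PlanPull(blobsDir string, manifestJSON []byte) ([]Plan, error) {
	var m Manifest
	if err := json.Unmarshal(manifestJSON, &m); err != nil {
		return nil, err
	}
	plans := make([]Plan, 0, len(m.Layers))
	for _, l := range m.Layers {
		p := Plan{Digest: l.Digest, Vulnerable: blobPathVulnerable(blobsDir, l.Digest)}
		p.Hardened, p.Err = blobPathHardened(blobsDir, l.Digest)
		plans = append(plans, p)
	}
	return plans, nil
}

func main() {
	const blobs = "/root/.ollama/models/blobs" // assumed location for the example
	plans, err := PlanPull(blobs, []byte(constructedManifest))
	if err != nil {
		panic(err)
	}
	for _, p := range plans {
		fmt.Printf("digest %q\n  vulnerable -> %s (escapes store: %v)\n",
			p.Digest, p.Vulnerable, Escapes(blobs, p.Vulnerable))
		if p.Err != nil {
			fmt.Printf("  hardened   -> rejected: %v\n", p.Err)
		} else {
			fmt.Printf("  hardened   -> %s\n", p.Hardened)
		}
	}
}
```

Two points the code makes explicit: a path built with filepath.Join looks "cleaned" but is exactly what lets the traversal resolve to /etc/ld.so.preload, and the syntax allow-list is the real fix while the Rel-based containment check is only a lexical backstop (it does not see through symlinks inside the blob store, so it is not a substitute for validating the digest). Both checks only matter on a host that accepts pulls from untrusted registries, which is why the thread's advice not to expose the API in the first place still stands.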
