November 4, 2024 at 09:45AM
Cybersecurity researchers have identified six vulnerabilities in the Ollama AI framework that could be exploited for denial-of-service, model poisoning and model theft. Two of the issues remain unpatched, so users are urged to keep the affected endpoints off the public internet. Of 9,831 internet-facing instances analyzed, one in four is vulnerable.
### Meeting Takeaways – Cybersecurity Vulnerabilities in Ollama AI Framework
**Date:** November 04, 2024
**Presenter:** Ravie Lakshmanan
---
**Overview:**
– Six security vulnerabilities have been identified in the Ollama AI framework, which can potentially be exploited by malicious actors for various attacks (e.g., denial-of-service, model poisoning, model theft).
**Key Vulnerabilities:**
1. **CVE-2024-39719**
– **CVSS Score:** 7.5
– **Issue:** Allows an attacker to determine whether a given file exists on the server via the `/api/create` endpoint.
– **Status:** Fixed in version 0.1.47.
2. **CVE-2024-39720**
– **CVSS Score:** 8.2
– **Issue:** Out-of-bounds read causing crashes (DoS) via `/api/create`.
– **Status:** Fixed in version 0.1.46.
3. **CVE-2024-39721**
– **CVSS Score:** 7.5
– **Issue:** Resource exhaustion leading to DoS when `/api/create` is invoked repeatedly with the file `/dev/random`.
– **Status:** Fixed in version 0.1.34.
4. **CVE-2024-39722**
– **CVSS Score:** 7.5
– **Issue:** Path traversal vulnerability in `/api/push` that exposes files on the server and the directory structure of the deployment.
– **Status:** Fixed in version 0.1.46.
5. **Model Poisoning Vulnerability**
– **Endpoint:** `/api/pull`, when used to pull a model from an untrusted source.
– **Status:** Unpatched, no CVE identifier.
6. **Model Theft Vulnerability**
– **Endpoint:** `/api/push`, when used to push a model to an untrusted target.
– **Status:** Unpatched, no CVE identifier.
**Recommendations:**
– Users are advised to filter exposed endpoints using proxies or web application firewalls to prevent unauthorized access, as default settings expose all endpoints.
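One way to apply the filtering recommended above, as an added example that is not from the article or from the Ollama project: an nginx reverse-proxy configuration that forwards only the inference endpoints to Ollama and restricts the model-management endpoints named in the advisory to an administrative network. It assumes Ollama listens on 127.0.0.1:11434 (its default bind address), that the proxy is the only network-reachable interface, and that 10.0.0.0/8 is the admin network (a constructed value).

```nginx
# Added example, not part of the original article or the Ollama project.
# Assumptions: Ollama bound to 127.0.0.1:11434 (default); 10.0.0.0/8 is the
# administrative network allowed to manage models (constructed value);
# hostname and certificate paths are placeholders.

upstream ollama {
    server 127.0.0.1:11434;
}

server {
    listen 443 ssl;
    server_name ollama.example.internal;            # placeholder

    ssl_certificate     /etc/nginx/tls/ollama.crt;  # placeholder path
    ssl_certificate_key /etc/nginx/tls/ollama.key;  # placeholder path

    # Default deny: Ollama exposes every endpoint by default, so anything not
    # explicitly allowed below (including endpoints added in future releases)
    # is refused. Regex locations below take precedence over this prefix match.
    location / {
        return 404;
    }

    # Inference endpoints that a client application legitimately needs.
    location ~ ^/api/(generate|chat|tags)$ {
        proxy_pass http://ollama;
        proxy_read_timeout 300s;   # long generations; tune to your workload
    }

    # Model-management endpoints from the advisory (/api/pull, /api/push,
    # /api/create) are reachable only from the admin network; /api/delete
    # and /api/copy are grouped with them because they also modify models.
    location ~ ^/api/(pull|push|create|delete|copy)$ {
        allow 10.0.0.0/8;
        deny  all;
        proxy_pass http://ollama;
    }
}
```

Requests to the blocked paths from outside the admin network are answered with 403 by nginx and never reach Ollama, which also removes the internet-exposed attack surface for the four CVEs above on instances that cannot be upgraded immediately.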
**Current Risk Assessment:**
– Oligo Security discovered approximately 9,831 internet-facing Ollama instances, with notable vulnerabilities present in 25% of them. Locations predominantly include the U.S., China, and several European and Asian countries.
**Contextual Note:**
– This situation follows a previous severe vulnerability (CVE-2024-37032) disclosed four months prior, which could enable remote code execution.
**Conclusion:**
– Given the vulnerabilities identified and the number of internet-facing instances, proper security measures (patching to a fixed release and restricting endpoint exposure) are critical to safeguarding Ollama deployments.