^{_{(Source – GBHackers)}}

Ollama AI platform: Discovery and Impact

Cybersecurity researchers have uncovered a significant security flaw in the Ollama open-source artificial intelligence (AI) platform, potentially allowing attackers to execute remote code. Tracked as CVE-2024-37032 and dubbed Probllama by Wiz, the vulnerability was disclosed responsibly on May 5, 2024. The flaw was promptly addressed in version 0.1.34 of Ollama, released just two days later.

Ollama AI platform is a critical infrastructure for packaging and running large language models (LLMs) locally on Windows, Linux, and macOS devices. The vulnerability stemmed from insufficient input validation within the platform, specifically affecting an API endpoint used for model downloads. By exploiting a path traversal flaw via crafted HTTP requests to the “/api/pull” endpoint, attackers could overwrite critical files on the server. This included compromising the “etc/ld.so.preload” configuration file on Linux systems, potentially enabling the execution of unauthorized code every time a program runs.

Exploitation and Risk Mitigation

The severity of CVE-2024-37032 varied depending on deployment configurations. While default Linux installations binding the API server to localhost reduced the risk of remote code execution, Docker deployments were particularly vulnerable. In Docker setups, where the API server defaults to running with root privileges and binds to all interfaces (“0.0.0.0”), remote exploitation became feasible. This configuration oversight could lead to malicious actors gaining unauthorized access to AI models hosted on exposed Ollama instances.

Security researcher Sagi Tzadik emphasized the critical nature of the vulnerability in Docker environments, highlighting the ease with which attackers could exploit the flaw due to the lack of authentication measures within Ollama. The exposure of over 1,000 unprotected Ollama instances hosting sensitive AI models underscored the widespread impact and urgency for securing such deployments with robust authentication mechanisms and reverse proxies.

Industry Response and Continued Concerns

The discovery of CVE-2024-37032 adds to growing concerns over the security of AI and machine learning (ML) infrastructure. Protect AI recently identified over 60 security vulnerabilities across various open-source AI/ML tools, including critical flaws like CVE-2024-22476 in Intel Neural Compressor software. These vulnerabilities range from SQL injections to privilege escalation, highlighting broader industry challenges in securing AI deployments.

Despite Ollama’s modern codebase and functionality, the persistence of classic vulnerabilities like path traversal serves as a reminder of ongoing security risks. Experts urge organizations to update their Ollama AI platform installations promptly and implement stringent security measures to mitigate the risk of exploitation.

In conclusion, while advancements in AI technology offer immense potential, the security community must remain vigilant against evolving threats. The swift response to CVE-2024-37032 underscores the importance of proactive security practices in safeguarding AI infrastructure against malicious exploitation.