aimhubio Aim Denial-of-Service Vulnerability via sshfs-Client in Version 3.25.0

Vulnerability

A denial-of-service vulnerability has been identified in aimhubio Aim version 3.25.0. The issue arises from the sshfs client being invoked without any timeout setting. Because the tracking server operates in a single-threaded manner, when it is asked to connect to an unresponsive socket via sshfs the mount call hangs for an extended period, and the server cannot handle any other requests while it waits.

Impact

Exploitation of this vulnerability leads to a complete denial-of-service condition on the tracking server.

Reproduction

To reproduce this vulnerability, first, start the aim tracking server by running 'aim init' followed by 'aim server'. Ensure that the machine has a valid installation of sshfs. Next, create an unresponsive socket, such as by using a Python script that binds to port 22 and accepts a connection without sending any data. Once the socket is set up, send a request to the tracking server to mount a directory via sshfs, pointing to the unresponsive socket. After this request is processed, the tracking server will be unable to respond to other requests, demonstrating the denial-of-service condition.
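The missing safeguard is a bound on how long the mount may take. As an added illustration (not code from Aim or from this advisory), the Python helper below runs a mount command under a hard process-level deadline and also passes ssh's ConnectTimeout through sshfs's -o option; the command names HANG_CMD and OK_CMD are constructed stand-ins for an unresponsive and a healthy sshfs run, and the remote and mountpoint values are placeholders.

```python
"""Bounded mount helper: never let an sshfs call stall a single-threaded server."""
import subprocess
import sys
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class MountResult:
    ok: bool
    timed_out: bool
    returncode: Optional[int]


def run_bounded(cmd: List[str], timeout_s: float) -> MountResult:
    """Run cmd and kill it if it exceeds timeout_s seconds.

    subprocess.run(timeout=...) kills the child and raises TimeoutExpired,
    so a hung sshfs/ssh process is reaped instead of blocking the caller.
    """
    try:
        proc = subprocess.run(cmd, capture_output=True, timeout=timeout_s)
    except subprocess.TimeoutExpired:
        return MountResult(ok=False, timed_out=True, returncode=None)
    return MountResult(ok=proc.returncode == 0, timed_out=False,
                       returncode=proc.returncode)


def sshfs_mount_cmd(remote: str, mountpoint: str, connect_timeout_s: int) -> List[str]:
    """Build an sshfs command that bounds the TCP connect and SSH handshake.

    sshfs forwards unrecognised -o options to ssh, so ConnectTimeout (an
    OpenSSH client option) applies before the process-level deadline fires.
    """
    return ["sshfs", remote, mountpoint, "-o", f"ConnectTimeout={connect_timeout_s}"]


# Constructed stand-ins so the helper can be exercised without sshfs installed:
# HANG_CMD behaves like a mount against a socket that never answers,
# OK_CMD like a mount that completes immediately.
HANG_CMD = [sys.executable, "-c", "import time; time.sleep(30)"]
OK_CMD = [sys.executable, "-c", "pass"]


if __name__ == "__main__":
    # Placeholder endpoint; in a real deployment this comes from the request.
    print(sshfs_mount_cmd("user@host:/data", "/mnt/data", connect_timeout_s=10))
    print(run_bounded(HANG_CMD, timeout_s=1.0))   # timed_out=True after ~1s, not 30s
    print(run_bounded(OK_CMD, timeout_s=5.0))     # ok=True
```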

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread:         0.0
impact:         2.5
exploitability: 7.6
remediation:    0.0
relevance:      0.0
threat:         6.4
urgency:        2.9
incentive:      1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.