MaxKB Sandbox Bypass Vulnerability Allowing Arbitrary File Access
Vulnerability
MaxKB, an open-source AI assistant for enterprise, is vulnerable to a sandbox bypass in versions prior to 1.10.8-lts. The sandbox only restricts execution permissions of binary files in common directories like /bin and /usr/bin, so files with execution permissions in non-blacklisted directories remain available to attackers. For example, the system's 'urlget' file can be used to read arbitrary files, such as '/etc/passwd'. An attacker exploits the vulnerability by executing a crafted payload that bypasses the sandbox restrictions and accesses sensitive file content.
Impact
Exploitation of this vulnerability bypasses the application's sandbox restrictions, allowing unauthorized execution of commands and access to sensitive file contents.
Reproduction
To reproduce this vulnerability, first ensure that MaxKB is running a version prior to 1.10.8-lts. The vulnerability can be exploited through the application's function library debugging feature. Once the sandbox bypass payload is executed, the attacker can read arbitrary files from the system. For instance, the 'urlget' utility can be used to access '/etc/passwd'.
Remediation
Users can upgrade to MaxKB version 1.10.8-lts or later to address this vulnerability.
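The directory-based restriction described above leaves executables elsewhere on the image untouched. As an added example (not MaxKB's code), this Python audit lists files that keep an execute bit outside the restricted directories; the default list holds only the two directories named above, and the function names and sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

# Only the two directories the advisory names; the product's full list is not
# on the page, so this default is an assumption.
RESTRICTED_DIRS = ("/bin", "/usr/bin")
EXEC_BITS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH


def executables_outside(root, restricted=RESTRICTED_DIRS):
    """List regular files under root that keep an execute bit and whose
    resolved location is outside every restricted directory."""
    restricted_real = [os.path.realpath(d) for d in restricted]
    found = []
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            real = os.path.realpath(path)  # follow symlinks to the real file
            try:
                mode = os.stat(real).st_mode
            except OSError:
                continue  # dangling symlink or unreadable entry
            if not stat.S_ISREG(mode) or not mode & EXEC_BITS:
                continue
            if any(os.path.commonpath([real, r]) == r for r in restricted_real):
                continue  # already covered by the directory-based restriction
            found.append(path)
    return sorted(found)


def build_sample_tree(base):
    """Constructed sample layout; returns the restricted dirs inside it."""
    files = {"usr/bin/tool_a": 0o755, "usr/local/bin/tool_b": 0o755,
             "opt/app/data.txt": 0o644}
    for rel, mode in files.items():
        path = os.path.join(base, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("sample\n")
        os.chmod(path, mode)
    # A symlink into a restricted directory resolves there and is not reported.
    os.symlink(os.path.join(base, "usr/bin/tool_a"),
               os.path.join(base, "opt/app/link_a"))
    return [os.path.join(base, "usr/bin")]


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        for path in executables_outside(base, build_sample_tree(base)):
            print("still executable:", path)
```

Run against a container image root, every path it reports is a file the directory list does not cover and is a candidate for review after upgrading.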
