MaxKB Sandbox Escape Vulnerability in ToolExecutor Component Allowing Arbitrary Code Execution

Vulnerability

A sandbox escape vulnerability has been identified in MaxKB, an open-source AI assistant for enterprise, affecting versions through 2.7.1. The issue resides in the ToolExecutor component, where an authenticated attacker with workspace privileges can use Python's ctypes library to issue raw system calls. Because these calls go directly to the kernel rather than through the libc wrappers that the LD_PRELOAD-based sandbox module interposes on, the sandbox is bypassed, leading to arbitrary code execution. The vulnerability allows for full network exfiltration and container compromise. The sandbox also fails to block modern system calls such as SYS_pkey_mprotect, which can be used to manipulate memory protections and execute unauthorized system calls, circumventing the intended security measures.
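
The root cause above is that a userland LD_PRELOAD interposer only sees libc wrapper calls, so tool code that reaches the kernel directly via ctypes is invisible to it. The following is an added example (not MaxKB's own code) of a pre-execution screen a tool executor can run over submitted Python source to flag ctypes/cffi access and dynamic-import tricks before the code is handed to the sandbox; the module names, function names and sample tool sources are constructed for this illustration.

```python
"""Pre-execution screen for Python tool source handed to a sandboxed executor.

Flags constructs a userland (LD_PRELOAD) sandbox cannot see: ctypes/_ctypes/cffi
imports, which give code raw system-call access without libc wrappers, and
dynamic imports that hide such an import from a plain textual check.
"""
import ast

# Modules that expose foreign-function / raw system-call access. (Assumed list.)
NATIVE_ACCESS_MODULES = {"ctypes", "_ctypes", "cffi"}
# Calls that load a module from a runtime value, used to dodge static checks.
DYNAMIC_IMPORT_CALLS = {"__import__", "import_module"}


def _root(dotted_name: str) -> str:
    """'ctypes.util' -> 'ctypes'."""
    return dotted_name.split(".")[0]


def scan_tool_source(source: str) -> list:
    """Return a list of findings; an empty list means nothing suspicious was seen."""
    findings = []
    try:
        tree = ast.parse(source)
    except SyntaxError as exc:
        return [f"syntax error at line {exc.lineno}: refusing to run"]
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if _root(alias.name) in NATIVE_ACCESS_MODULES:
                    findings.append(f"line {node.lineno}: import of {alias.name}")
        elif isinstance(node, ast.ImportFrom) and node.module:
            if _root(node.module) in NATIVE_ACCESS_MODULES:
                findings.append(f"line {node.lineno}: from-import of {node.module}")
        elif isinstance(node, ast.Call):
            func = node.func
            name = func.id if isinstance(func, ast.Name) else getattr(func, "attr", None)
            if name in DYNAMIC_IMPORT_CALLS:
                arg = node.args[0] if node.args else None
                # Only a literal module name can be vetted statically; anything
                # computed at runtime is treated as unknown and therefore flagged.
                target = arg.value if isinstance(arg, ast.Constant) and isinstance(arg.value, str) else None
                if target is None or _root(target) in NATIVE_ACCESS_MODULES:
                    findings.append(f"line {node.lineno}: dynamic import via {name}({target!r})")
    return findings


def is_tool_allowed(source: str) -> bool:
    return not scan_tool_source(source)


# Constructed sample tool sources (not taken from the advisory).
BENIGN_TOOL = "import json\ndef run(x):\n    return json.dumps({'x': x})\n"
FLAGGED_TOOL = "import ctypes\ndef run():\n    return ctypes.CDLL(None)\n"
HIDDEN_TOOL = "name = 'ctypes'\nmod = __import__(name)\n"
```

A screen like this is a detection signal, not a security boundary: the durable fix for this class of bypass is kernel-level system-call filtering (for example a seccomp profile on the executor container that denies pkey_mprotect and other unneeded calls), which applies regardless of whether a call is made through libc or directly.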

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the host system, with the executed code running in the kernel context. This could lead to a complete compromise of the Docker container and potentially allow for unauthorized access to network resources, facilitating data exfiltration.

Remediation

Users can upgrade to MaxKB version 2.8.0 or later, where this vulnerability has been fixed.

Added: Apr 14, 2026, 1:20 AM
Updated: Apr 14, 2026, 1:20 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 5.9
remediation: 0.0
relevance: 5.9
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.