Egtai GMX-VMD-MCP Command Injection Vulnerability in VMD Launch Handler

A command injection vulnerability has been identified in Egtai GMX-VMD-MCP versions through 0.1.0. The issue arises in the VMD Launch Handler component, specifically within the 'launch_vmd_gui_tool' function of 'mcp_server.py'. The vulnerability allows for arbitrary command execution on the host by manipulating the 'structure_file' and 'trajectory_file' arguments. This exploitation can be performed remotely, and a public exploit is available.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the host, with high potential to read or modify files, disrupt service workflows, and create new files, indicating a severe impact on the system.

Reproduction

To reproduce this vulnerability, first create two files: one legitimate trajectory file and another crafted file with a name that includes shell metacharacters, such as a semicolon followed by a command. Then, invoke the 'launch_vmd_gui_tool' function through the MCP service, passing the crafted file as the 'structure_file' argument and the legitimate file as the 'trajectory_file' argument. The injected command will be executed on the host, demonstrating the command injection vulnerability.

Remediation

It is recommended to avoid using 'os.system()' for executing commands with user-supplied file paths. Instead, use 'subprocess.run()' or 'create_subprocess_exec' to execute commands safely without a shell. Additionally, normalize and validate file paths before use, and implement regression tests to ensure that similar vulnerabilities do not reoccur.