AI Tool: Critical Security Vulnerabilities in TorchServe

IT security researchers warn of several security vulnerabilities in PyTorch, some of them critical. They found the flaws in the TorchServe component of the open-source machine learning system from Meta and Amazon; the flaws allow attackers to smuggle in malicious code remotely and take full control of the servers. Thousands of publicly accessible systems are affected, including those of very large organizations.


As the IT researchers from Oligo write in their security report, the management interface of TorchServe is exposed on the network in the standard configuration. Without any form of authentication, it grants access to everyone. In addition, the insecure deserialization of a malicious model allows attackers on the network to inject their own code into the system (CVE-2022-1471, CVSS 9.9, risk "critical").

Another vulnerability allows a so-called server-side request forgery (SSRF), which typically gives access to resources that are otherwise shielded inside the network (CVE-2023-43654, CVSS 9.8, critical). This allows malicious actors to inject malicious code from the Internet and upload configurations from any domain.

The IT researchers explain that the combination of vulnerabilities allows malicious code to be executed from the network and the servers to be taken over. Tens of thousands of instances are accessible on the network and vulnerable to attacks.

Amazon and Meta close the security gaps with version 0.8.2 of PyTorch TorchServe. In a security advisory, Amazon recommends that users of PyTorch Inference Deep Learning Containers (DLC) 1.13.1, 2.0.0 or 2.0.1 in the EC2, EKS and ECS services released before September 11th update TorchServe to the new version. Since the update does not solve some of the problems in the standard configuration, further measures need to be taken, the Oligo researchers write. By default, the software listens on the interface address 0.0.0.0. The configuration file should restrict the interfaces to secure networks.

In March, the PyTorch team released version 2.0 of the machine learning framework. It improved speed with Python-based compilation.


(dmk)

