Enviar #857784: zevorn rt-claw 36d128f72afa0b9d40a21bcd6069b0c193a58f82 (unreleased main, post-v0.2.0) Remote Code Execution via Unsafe Tool Auto-Approval (CWE-94)información

Títulozevorn rt-claw 36d128f72afa0b9d40a21bcd6069b0c193a58f82 (unreleased main, post-v0.2.0) Remote Code Execution via Unsafe Tool Auto-Approval (CWE-94)
Descripción# Technical Details A Remote Code Execution vulnerability exists in the Telegram-to-AI tool execution flow ending at `tool_run_script_execute` in `claw/services/tools/script.c` of rt-claw. The application fails to require explicit approval before executing dangerous AI-selected tools. A remote Telegram message can be forwarded into the AI pipeline, the model can return a `run_script` tool call, and `ai_engine.c` dispatches it through `claw_tool_invoke()` with no approval gate, leading to Python execution on Linux. # Vulnerable Code File: claw/services/im/telegram.c Method: tg_ai_worker Why: Untrusted Telegram text is forwarded into `ai_chat()`, which advertises tool schemas. When the model selects `run_script`, the call reaches `tool_run_script_execute` without any confirmation or deny-by-default control for dangerous local tools. # Reproduction 1. Download `verification_test.py`, `control-no-tool-call.py`, `harness.py`, `fake_ai_api.py`, and `fake_telegram_api.py` from the issue-linked gists. 2. Run `python3 verification_test.py` to build the Linux binary, start the fake Telegram and AI services, inject a Telegram message, and make the fake AI emit a `run_script` tool call. 3. Observe that `vuln/canary.txt` is created with `vuln-canary`; then run the control case and verify `control/canary.txt` is not created. # Impact - A remote Telegram user can trigger arbitrary Python execution through the AI tool path. - This can lead to local file read/write, credential theft, host tampering, and follow-on abuse of resources reachable by the `rtclaw` process.
Fuente⚠️ https://github.com/zevorn/rt-claw/issues/138
Usuario
 Eric-h (UID 97582)
Sumisión2026-06-13 08:14 (hace 1 mes)
Moderación2026-07-18 09:34 (1 month later)
EstadoAceptado
Entrada de VulDB380020 [zevorn rt-claw hasta 0.2.0 Telegram-to-AI Tool Execution Flow script.c tool_run_script_execute escalada de privilegios]
Puntos20

Do you need the next level of professionalism?

Upgrade your account now!