Отправить #857622: zevorn rt-claw 36d128f72afa0b9d40a21bcd6069b0c193a58f82 (unreleased main, post-v0.2.0) Incorrect Authorization leading to Remote Code Execution (CWE-863)Информация

Названиеzevorn rt-claw 36d128f72afa0b9d40a21bcd6069b0c193a58f82 (unreleased main, post-v0.2.0) Incorrect Authorization leading to Remote Code Execution (CWE-863)
Описание# Technical Details An Incorrect Authorization vulnerability exists in the `handle_rpc_request` method in `claw/services/swarm/swarm.c` of rt-claw. The application fails to enforce the `CLAW_TOOL_LOCAL_ONLY` policy on the swarm RPC receiver path. A remote node can send a crafted UDP RPC request with `tool_name="run_script"` and attacker-controlled JSON, and the receiver directly invokes the tool even though `run_script` is explicitly marked local-only. # Vulnerable Code File: claw/services/swarm/swarm.c Method: handle_rpc_request Why: The receiver parses the inbound payload and calls `claw_tool_invoke()` without checking the target tool flags, while the sender helper `swarm_rpc_call()` does enforce the local-only restriction. On Linux, this reaches `tool_run_script_execute` and `claw_platform_run_script`, which execute Python code. # Reproduction 1. Download `verification_test.py` and `control-normal-behavior.py` from the issue-linked gists. 2. Build the Linux target with swarm and `run_script` enabled, then run the control script first. 3. Run `python3 verification_test.py` and observe that an unauthenticated swarm RPC request invokes `run_script` and reaches Python execution on the node. # Impact - An unauthenticated remote node can bypass local-only tool restrictions. - On Linux deployments with `tool_script` enabled, this leads to arbitrary Python execution in the context of the `rtclaw` process.
Источник⚠️ https://github.com/zevorn/rt-claw/issues/133
Пользователь
 Eric-x (UID 94869)
Представление13.06.2026 05:06 (1 месяц назад)
Модерация18.07.2026 09:29 (1 month later)
Статуспринято
Запись VulDB380016 [zevorn rt-claw до 0.2.0 RPC swarm.c claw_tool_invoke эскалация привилегий]
Баллы20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!