Gửi #856871: zevorn rt-claw unreleased post-v0.2.0 (36d128f) Improper Authorization (CWE-285)thông tin

tiêu đềzevorn rt-claw unreleased post-v0.2.0 (36d128f) Improper Authorization (CWE-285)
Mô tả# Technical Details An Improper Authorization vulnerability exists in the swarm RPC receiver at `handle_rpc_request()` in `claw/services/swarm/swarm.c` of rt-claw. The application implements a `CLAW_TOOL_LOCAL_ONLY` flag to designate tools that must not be invoked remotely, but only enforces this policy on the sender side (`swarm_rpc_call()`). The receiver path `handle_rpc_request()` accepts unauthenticated UDP RPC packets, resolves the attacker-supplied `tool_name`, parses the JSON payload, and calls `claw_tool_invoke()` without any authorization gate. This allows any reachable swarm peer to invoke `save_memory` (registered with `CLAW_TOOL_LOCAL_ONLY`) and persist attacker-controlled long-term memory entries into the disk-backed KV store, influencing future AI context. # Vulnerable Code File: claw/services/swarm/swarm.c (lines 315–325) Method: handle_rpc_request() Why: The function resolves `claw_tool_core_find(req->tool_name)` and directly invokes `claw_tool_invoke(tool, invoke_params, result)` without checking `tool->flags & CLAW_TOOL_LOCAL_ONLY`. The sender-side check exists at lines 477–480 but is client-side only. `save_memory` is registered at `claw/services/tools/system.c` lines 452–465. # Reproduction 1. Build rt-claw for Linux with `-Dosal=linux -Dswarm=true -Dtool_system=true` 2. Start the rtclaw binary binding UDP port 5300 3. Send a forged swarm RPC packet: `{"tool_name":"save_memory","payload":{"key":"swarm_canary","value":"GHSA-canary"}}` 4. Observe RPC response with `status=0` and confirmation of saved memory 5. Verify persistence by reading KV file at `$HOME/.config/rt-claw/kv/claw_ltm/data` 6. Run control with a nonexistent tool — response returns `status=1` with no side effects # Impact - Unauthenticated remote attacker can bypass local-only tool restrictions on the swarm RPC interface - Attacker can persist arbitrary long-term memory entries that survive process restarts - Injected memories influence future AI model context, enabling persistent behavior manipulation - May impact any tool registered with CLAW_TOOL_LOCAL_ONLY in the build configuration
Nguồn⚠️ https://github.com/zevorn/rt-claw/issues/137
Người dùng
 Eric-y (UID 95889)
Đệ trình12/06/2026 11:38 (cách đây 1 tháng)
Kiểm duyệt17/07/2026 18:08 (1 month later)
Trạng tháiBản sao
Mục VulDB379838 [zevorn rt-claw đến 0.2.0 Swarm RPC Receiver swarm.c handle_rpc_request nâng cao đặc quyền]
điểm0

Want to know what is going to be exploited?

We predict KEV entries!