提交 #857622: zevorn rt-claw 36d128f72afa0b9d40a21bcd6069b0c193a58f82 (unreleased main, post-v0.2.0) Incorrect Authorization leading to Remote Code Execution (CWE-863)信息

标题zevorn rt-claw 36d128f72afa0b9d40a21bcd6069b0c193a58f82 (unreleased main, post-v0.2.0) Incorrect Authorization leading to Remote Code Execution (CWE-863)
描述# Technical Details An Incorrect Authorization vulnerability exists in the `handle_rpc_request` method in `claw/services/swarm/swarm.c` of rt-claw. The application fails to enforce the `CLAW_TOOL_LOCAL_ONLY` policy on the swarm RPC receiver path. A remote node can send a crafted UDP RPC request with `tool_name="run_script"` and attacker-controlled JSON, and the receiver directly invokes the tool even though `run_script` is explicitly marked local-only. # Vulnerable Code File: claw/services/swarm/swarm.c Method: handle_rpc_request Why: The receiver parses the inbound payload and calls `claw_tool_invoke()` without checking the target tool flags, while the sender helper `swarm_rpc_call()` does enforce the local-only restriction. On Linux, this reaches `tool_run_script_execute` and `claw_platform_run_script`, which execute Python code. # Reproduction 1. Download `verification_test.py` and `control-normal-behavior.py` from the issue-linked gists. 2. Build the Linux target with swarm and `run_script` enabled, then run the control script first. 3. Run `python3 verification_test.py` and observe that an unauthenticated swarm RPC request invokes `run_script` and reaches Python execution on the node. # Impact - An unauthenticated remote node can bypass local-only tool restrictions. - On Linux deployments with `tool_script` enabled, this leads to arbitrary Python execution in the context of the `rtclaw` process.
来源⚠️ https://github.com/zevorn/rt-claw/issues/133
用户
 Eric-x (UID 94869)
提交2026-06-13 05時06分 (1 月前)
管理2026-07-18 09時29分 (1 month later)
状态已接受
VulDB条目380016 [zevorn rt-claw 直到 0.2.0 RPC swarm.c claw_tool_invoke 权限提升]
积分20

Do you want to use VulDB in your project?

Use the official API to access entries easily!