CVE-2020-13946 | Apache Cassandra RMIÎó²îͨ¸æ

Ðû²¼Ê±¼ä 2020-09-03


0x00 Îó²î¸ÅÊö

CVE   ID

CVE-2020-13946

ʱ    ¼ä

2020-09-03

Àà    ÐÍ


µÈ    ¼¶

ÖÐΣ

Ô¶³ÌʹÓÃ


Ó°Ïì¹æÄ£

Apache Cassandra 2.1.x: <2.1.22

Apache Cassandra 2.2.x: <2.2.18

Apache Cassandra 3.0.x: <3.0.22

Apache Cassandra 3.11.x: <3.11.8

Apache Cassandra 4.0-beta1: <4.0-beta2



2020Äê09ÔÂ01ÈÕ£¬£¬ £¬£¬£¬Apache¹Ù·½Ðû²¼ÁË Apache Cassandra RMI ÖØаó¶¨Îó²îµÄÇ徲ͨ¸æ£¬£¬ £¬£¬£¬¸ÃÎó²î±àºÅΪ £¨CVE-2020-13946£©¡£ ¡£¡£¡£¸ÃÎó²îÊÇÓÉÓÚÔÚApache CassandraÖУ¬£¬ £¬£¬£¬ÍâµØ¹¥»÷ÕßûÓÐȨÏÞ»á¼ûApache CassandraÀú³Ì»òÉèÖÃÎļþ£¬£¬ £¬£¬£¬µ«ÍâµØ¹¥»÷Õß¿ÉÒÔ²Ù×÷RMI×¢²á±íÀ´Ö´ÐÐÖÐÐÄÈ˹¥»÷£¬£¬ £¬£¬£¬²¢»ñÈ¡ÓÃÓÚ»á¼ûJMX½Ó¿ÚµÄÓû§ÃûºÍÃÜÂ룬£¬ £¬£¬£¬È»ºóʹÓÃÕâЩƾ֤»á¼ûJMX½Ó¿Ú²¢Ö´ÐÐδ¾­ÊÚȨµÄ²Ù×÷¡£ ¡£¡£¡£

0x01 Îó²îÏêÇé

ͼƬ7.png

Apache CassandraÊÇÒ»Ì׿ªÔ´ÂþÑÜʽÊý¾Ý¿âÖÎÀíϵͳ£¬£¬ £¬£¬£¬ÓÉFacebook¿ª·¢£¬£¬ £¬£¬£¬Æä»ùÓÚ Amazon Dynamo µÄÂþÑÜʽÉè¼ÆºÍ Google Bigtable µÄÊý¾ÝÄ£×ÓÀ´ÌṩNoSQLÊý¾Ý´æ´¢£¬£¬ £¬£¬£¬´Ó¶øÌṩ¸ß¿ÉÓÃÐԺ͸ßÀ©Õ¹ÐÔ£¬£¬ £¬£¬£¬³£ÓÃÓÚһЩʢÐеÄÍøÕ¾ÖС£ ¡£¡£¡£

±ðµÄ£¬£¬ £¬£¬£¬¹¥»÷Õß¿ÉÒÔͨ¹ýÁ¬ÏµÒ»¸öJREÎó²î£¨CVE-2019-2684£©Ê¹µÃApache Cassandra RMIÖØаó¶¨Îó²î£¨CVE-2020-13946£©±»Ô¶³ÌʹÓᣠ¡£¡£¡£

CVE-2019-2684ÊÇJava SEºÍJava SE Embedded×é¼þµÄ×Ó×é¼þRMIÖеÄÒ»¸öÎó²î£¬£¬ £¬£¬£¬¸ÃÎó²îʹµÃδ¾­Éí·ÝÑéÖ¤µÄ¹¥»÷Õß¿ÉÒÔͨ¹ý¶àÖÖЭÒé»á¼ûÍøÂ磬£¬ £¬£¬£¬´Ó¶øÆÆËðJava SEºÍJava SE Embedded¡£ ¡£¡£¡£¸ÃÎó²î±»ÀÖ³ÉʹÓÿÉÄܵ¼ÖµÄËùÓÐJava SE¡¢Java SE EmbeddedµÄ¿É»á¼ûÊý¾Ý±»¹¥»÷Õß¾ÙÐÐδÊÚȨ½¨É衢ɾ³ý»òÐ޸ġ£ ¡£¡£¡£ÊܸÃÎó²îÓ°ÏìµÄ°æ±¾ÎªJava SE£º7u211¡¢8u202¡¢11.0.2ºÍ12£»£»£» £»£»£»Java SE Embedded£º8u201¡£ ¡£¡£¡£

0x02 ´¦Öóͷ£½¨Òé

½¨Òéʵʱ½«Apache CassandraÉý¼¶µ½×îа汾¡£ ¡£¡£¡£

2.1.x°æ±¾Éý¼¶µ½2.1.22°æ±¾

2.2.x°æ±¾Éý¼¶µ½2.2.18°æ±¾

3.0.x°æ±¾Éý¼¶µ½3.0.22°æ±¾

3.11.x°æ±¾Éý¼¶µ½3.11.8°æ±¾

4.0-beta1°æ±¾Éý¼¶µ½4.0-beta2°æ±¾

ÏÂÔصص㣺

https://www.apache.org/dyn/closer.lua/cassandra/2.1.22/apache-cassandra-2.1.22-bin.tar.gz

https://www.apache.org/dyn/closer.lua/cassandra/2.2.18/apache-cassandra-2.2.18-bin.tar.gz

https://www.apache.org/dyn/closer.lua/cassandra/3.0.22/apache-cassandra-3.0.22-bin.tar.gz

https://www.apache.org/dyn/closer.lua/cassandra/3.11.8/apache-cassandra-3.11.8-bin.tar.gz

https://www.apache.org/dyn/closer.lua/cassandra/4.0-beta2/apache-cassandra-4.0-beta2-bin.tar.gz

0x03 Ïà¹ØÐÂÎÅ

https://haxf4rall.com/2020/09/02/cve-2020-13946-apache-cassandra-rmi-rebind-vulnerability-alert/

0x04 ²Î¿¼Á´½Ó

https://www.mail-archive.com/dev@cassandra.apache.org/msg15735.html

https://seclists.org/oss-sec/2020/q3/143

0x05 ʱ¼äÏß

2020-09-01 Apache¹Ù·½Ðû²¼Ô¤¾¯

2020-09-03 VSRCÐû²¼Îó²îͨ¸æ




ͼƬ5.png