CVE-2020-13946 | Apache Cassandra RMI Vulnerability Notice

Published: 2020-09-03


0x00 Vulnerability Overview

CVE ID: CVE-2020-13946

Date: 2020-09-03

Type:

Severity: Medium

Remote exploitation:

Affected scope:

Apache Cassandra 2.1.x: <2.1.22

Apache Cassandra 2.2.x: <2.2.18

Apache Cassandra 3.0.x: <3.0.22

Apache Cassandra 3.11.x: <3.11.8

Apache Cassandra 4.0-beta1: <4.0-beta2



On September 1, 2020, Apache published a security advisory for an RMI rebind vulnerability in Apache Cassandra, tracked as CVE-2020-13946. A local attacker who has no permission to access the Apache Cassandra process or its configuration files can still manipulate the RMI registry to perform a man-in-the-middle attack, capture the username and password used to access the JMX interface, and then use those credentials to access the JMX interface and perform unauthorized operations.

0x01 Vulnerability Details


Apache Cassandra is an open-source distributed database management system developed by Facebook. It combines the distributed design of Amazon Dynamo with the data model of Google Bigtable to provide NoSQL data storage with high availability and high scalability, and it is used by a number of popular websites.

In addition, an attacker can chain this with a JRE vulnerability (CVE-2019-2684) so that the Apache Cassandra RMI rebind vulnerability (CVE-2020-13946) becomes remotely exploitable.

CVE-2019-2684 is a vulnerability in the RMI subcomponent of Java SE and Java SE Embedded. It allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE and Java SE Embedded. Successful exploitation can result in unauthorized creation, deletion or modification of all data accessible to Java SE and Java SE Embedded. Affected versions are Java SE 7u211, 8u202, 11.0.2 and 12, and Java SE Embedded 8u201.

0x02 Remediation Advice

It is recommended to upgrade Apache Cassandra to the latest version promptly.

Upgrade 2.1.x to 2.1.22

Upgrade 2.2.x to 2.2.18

Upgrade 3.0.x to 3.0.22

Upgrade 3.11.x to 3.11.8

Upgrade 4.0-beta1 to 4.0-beta2

Download locations:

https://www.apache.org/dyn/closer.lua/cassandra/2.1.22/apache-cassandra-2.1.22-bin.tar.gz

https://www.apache.org/dyn/closer.lua/cassandra/2.2.18/apache-cassandra-2.2.18-bin.tar.gz

https://www.apache.org/dyn/closer.lua/cassandra/3.0.22/apache-cassandra-3.0.22-bin.tar.gz

https://www.apache.org/dyn/closer.lua/cassandra/3.11.8/apache-cassandra-3.11.8-bin.tar.gz

https://www.apache.org/dyn/closer.lua/cassandra/4.0-beta2/apache-cassandra-4.0-beta2-bin.tar.gz
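A defender-side check, added here as an example and not part of the advisory: it maps a node's running version against the fixed versions in the table above and reports whether the node still needs the upgrade. It assumes the version is read from the `ReleaseVersion:` line that `nodetool version` prints, and it deliberately refuses to classify versions the advisory does not cover rather than reporting them as safe.

```python
import re

# Fixed versions per release branch, taken from the advisory's affected-scope table.
FIXED_VERSIONS = {
    "2.1": (2, 1, 22),
    "2.2": (2, 2, 18),
    "3.0": (3, 0, 22),
    "3.11": (3, 11, 8),
}
FIXED_40_BETA = 2  # 4.0-beta1 is affected; 4.0-beta2 contains the fix

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)$")
BETA_RE = re.compile(r"^4\.0-beta(\d+)$")


def is_affected(version: str) -> bool:
    """Return True if this Cassandra version falls inside the advisory's affected ranges.

    Raises ValueError for versions the advisory does not list (unrecognised strings,
    other branches), so a caller never silently treats an unknown version as fixed.
    """
    m = BETA_RE.match(version)
    if m:
        return int(m.group(1)) < FIXED_40_BETA
    m = VERSION_RE.match(version)
    if not m:
        raise ValueError(f"unrecognised Cassandra version: {version!r}")
    major, minor, patch = (int(x) for x in m.groups())
    branch = f"{major}.{minor}"
    if branch not in FIXED_VERSIONS:
        raise ValueError(f"branch {branch} is not covered by the CVE-2020-13946 advisory")
    return (major, minor, patch) < FIXED_VERSIONS[branch]


def parse_nodetool_version(output: str) -> str:
    """Extract the version from `nodetool version` output (assumed: 'ReleaseVersion: 3.11.7')."""
    for line in output.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "ReleaseVersion":
            return value.strip()
    raise ValueError("no ReleaseVersion line in nodetool output")


if __name__ == "__main__":
    # Constructed sample output for a 3.11.7 node, not captured from a real cluster.
    sample = "ReleaseVersion: 3.11.7\n"
    v = parse_nodetool_version(sample)
    print(v, "affected, upgrade required" if is_affected(v) else "fixed")
```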

0x03 Related News

https://haxf4rall.com/2020/09/02/cve-2020-13946-apache-cassandra-rmi-rebind-vulnerability-alert/

0x04 References

https://www.mail-archive.com/dev@cassandra.apache.org/msg15735.html

https://seclists.org/oss-sec/2020/q3/143

0x05 Timeline

2020-09-01 Apache issued an official alert

2020-09-03 VSRC published this vulnerability notice
