CVE-2020-13946 | Apache Cassandra RMI·ì϶¹«¸æ

°ä²¼¹¦·ò 2020-09-03


0x00 ·ì϶¸ÅÊö

CVE   ID

CVE-2020-13946

ʱ    ¼ä

2020-09-03

Àà    ÐÍ


µÈ    ¼¶

ÖÐΣ

Ô¶³ÌÀûÓÃ


Ó°ÏìÁìÓò

Apache Cassandra 2.1.x: <2.1.22

Apache Cassandra 2.2.x: <2.2.18

Apache Cassandra 3.0.x: <3.0.22

Apache Cassandra 3.11.x: <3.11.8

Apache Cassandra 4.0-beta1: <4.0-beta2



2020Äê09ÔÂ01ÈÕ£¬£¬£¬£¬£¬£¬Apache¹Ù·½°ä²¼ÁË Apache Cassandra RMI ³Áа󶨷ì϶µÄ°²È«¹«¸æ£¬£¬£¬£¬£¬£¬¸Ã·ì϶±àºÅΪ £¨CVE-2020-13946£©¡£¡£¡£¡£¡£¡£¡£¡£¸Ã·ì϶ÊÇÓÉÓÚÔÚApache CassandraÖУ¬£¬£¬£¬£¬£¬±¾µØ¹¥»÷ÕßûÓÐȨÏÞ½Ó¼ûApache Cassandra¹ý³Ì»òÅäÖÃÎļþ£¬£¬£¬£¬£¬£¬µ«±¾µØ¹¥»÷Õß¿ÉÒÔ²Ù×÷RMI×¢²á±íÀ´Ö´ÐÐÖÐÑëÈ˹¥»÷£¬£¬£¬£¬£¬£¬²¢»ñÈ¡ÓÃÓÚ½Ó¼ûJMX½Ó¿ÚµÄÓû§ÃûºÍÃÜÂ룬£¬£¬£¬£¬£¬¶øºóÀûÓÃÕâЩƾ֤½Ó¼ûJMX½Ó¿Ú²¢Ö´ÐÐδ¾­ÊÚȨµÄ²Ù×÷¡£¡£¡£¡£¡£¡£¡£¡£

0x01 ·ì϶ÏêÇé

ͼƬ7.png

Apache CassandraÊÇÒ»Ì׿ªÔ´É¢²¼Ê½Êý¾Ý¿âÖÎÀíϵͳ£¬£¬£¬£¬£¬£¬ÓÉFacebook¿ª·¢£¬£¬£¬£¬£¬£¬Æä»ùÓÚ Amazon Dynamo µÄÉ¢²¼Ê½Éè¼ÆºÍ Google Bigtable µÄÊý¾ÝÄ£ÐÍÀ´ÌṩNoSQLÊý¾Ý´æ´¢£¬£¬£¬£¬£¬£¬´Ó¶øÌṩ¸ß¿ÉÓÃÐԺ͸ßÀ©´óÐÔ£¬£¬£¬£¬£¬£¬³£ÓÃÓÚһЩʢÐеÄÍøÕ¾ÖС£¡£¡£¡£¡£¡£¡£¡£

´Ë±í£¬£¬£¬£¬£¬£¬¹¥»÷ÕßÄܹ»Í¨¹ý½áºÏÒ»¸öJRE·ì϶£¨CVE-2019-2684£©Ê¹µÃApache Cassandra RMI³Áа󶨷ì϶£¨CVE-2020-13946£©±»Ô¶³ÌÀûÓᣡ£¡£¡£¡£¡£¡£¡£

CVE-2019-2684ÊÇJava SEºÍJava SE Embedded×é¼þµÄ×Ó×é¼þRMIÖеÄÒ»¸ö·ì϶£¬£¬£¬£¬£¬£¬¸Ã·ì϶ʹµÃδ¾­Éí·ÝÑéÖ¤µÄ¹¥»÷ÕßÄܹ»Í¨¹ý¶àÖÖºÍ̸½Ó¼ûÍøÂ磬£¬£¬£¬£¬£¬´Ó¶ø·ÛËéJava SEºÍJava SE Embedded¡£¡£¡£¡£¡£¡£¡£¡£¸Ã·ì϶±»³É¹¦ÀûÓÿÉÄܵ¼ÖµÄËùÓÐJava SE¡¢Java SE EmbeddedµÄ¿É½Ó¼ûÊý¾Ý±»¹¥»÷Õß½øÐÐδÊÚȨ´´½¨¡¢É¾³ý»òÅú¸Ä¡£¡£¡£¡£¡£¡£¡£¡£Êܸ÷ì϶ӰÏìµÄ°æ±¾ÎªJava SE£º7u211¡¢8u202¡¢11.0.2ºÍ12£» £»£»£»£»£»£»Java SE Embedded£º8u201¡£¡£¡£¡£¡£¡£¡£¡£

0x02 ´ëÖý¨Òé

½¨Òéʵʱ½«Apache CassandraÉý¼¶µ½×îа汾¡£¡£¡£¡£¡£¡£¡£¡£

2.1.x°æ±¾Éý¼¶µ½2.1.22°æ±¾

2.2.x°æ±¾Éý¼¶µ½2.2.18°æ±¾

3.0.x°æ±¾Éý¼¶µ½3.0.22°æ±¾

3.11.x°æ±¾Éý¼¶µ½3.11.8°æ±¾

4.0-beta1°æ±¾Éý¼¶µ½4.0-beta2°æ±¾

ÏÂÔصØÖ·£º

https://www.apache.org/dyn/closer.lua/cassandra/2.1.22/apache-cassandra-2.1.22-bin.tar.gz

https://www.apache.org/dyn/closer.lua/cassandra/2.2.18/apache-cassandra-2.2.18-bin.tar.gz

https://www.apache.org/dyn/closer.lua/cassandra/3.0.22/apache-cassandra-3.0.22-bin.tar.gz

https://www.apache.org/dyn/closer.lua/cassandra/3.11.8/apache-cassandra-3.11.8-bin.tar.gz

https://www.apache.org/dyn/closer.lua/cassandra/4.0-beta2/apache-cassandra-4.0-beta2-bin.tar.gz

0x03 ÓйØÐÂÎÅ

https://haxf4rall.com/2020/09/02/cve-2020-13946-apache-cassandra-rmi-rebind-vulnerability-alert/

0x04 ²Î¿¼Á´½Ó

https://www.mail-archive.com/dev@cassandra.apache.org/msg15735.html

https://seclists.org/oss-sec/2020/q3/143

0x05 ¹¦·òÏß

2020-09-01 Apache¹Ù·½°ä²¼Ô¤¾¯

2020-09-03 VSRC°ä²¼·ì϶¹«¸æ




ͼƬ5.png