Security News > 2022 > February > High-Severity RCE Security Bug Reported in Apache Cassandra Database Software

High-Severity RCE Security Bug Reported in Apache Cassandra Database Software
2022-02-16 03:20

Researchers have revealed details of a now-patched high-severity security vulnerability in Apache Cassandra that, if left unaddressed, could be abused to gain remote code execution on affected installations.

"This Apache security vulnerability is easy to exploit and has the potential to wreak havoc on systems, but luckily only manifests in non-default configurations of Cassandra," Omer Kaspi, security researcher at DevOps firm JFrog, said in a technical write-up published Tuesday.

Apache Cassandra is an open-source, distributed, NoSQL database management system for managing very large amounts of structured data across commodity servers.

Specifically, it was found that Cassandra deployments are vulnerable to CVE-2021-44521 when the cassandra.

"When the option is set to false, all invoked UDF functions run in the Cassandra daemon thread, which has a security manager with some permissions," Kaspi said, thereby allowing the adversary to disable the security manager and break out of the sandbox and run arbitrary shell commands on the server.

Apache Cassandra users are encouraged to upgrade to versions 3.0.26, 3.11.12, and 4.0.2 to avoid possible exploitation, which addresses the flaw by adding a new flag "Allow extra insecure udfs" that's set to false by default and prevents turning off the security manager.


News URL

https://thehackernews.com/2022/02/high-severity-rce-security-bug-reported.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-02-11 CVE-2021-44521 Incorrect Permission Assignment for Critical Resource vulnerability in Apache Cassandra
When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker to execute arbitrary code on the host.
network
low complexity
apache CWE-732
critical
9.1

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apache 281 13 549 713 367 1642