A full white paper was released this week on a recently fixed critical remote code execution (RCE) vulnerability in Apache Cassandra, a distributed NoSQL database that offers high scalability and is very popular with companies like Cisco, Netflix, Reddit, Twitter, Urban Airship, OpenX, and more.

Tracked as CVE-2021-44521, the vulnerability only affects non-default database configurations, where it could lead to complete compromise of the affected system. According to JFrog specialists, it received a score of 8.4/10 under the Common Vulnerability Scoring System (CVSS).

The flaw only occurs if the functionality to create user-defined functions (UDFs) for custom data processing is enabled in Cassandra, and can only be abused if the attacker has sufficient permissions to create these UDFs. This is not a default setting and has been documented as insecure before.

UDFs in Cassandra can be written in Java and JavaScript. The latter uses the Nashorn engine, which is not guaranteed to be secure when accepting untrusted code, so it is best run in a secure environment.

While Cassandra implements a sandbox to restrict UDF code, with some optional settings enabled threat actors could abuse the Nashorn engine to escape the secure environment and execute code remotely on the affected system.

Cassandra deployments are vulnerable when configured to allow UDF scripts, but not UDF threads. By default, UDF threads are enabled, which means that each invoked UDF function runs on a separate thread. When UDFs are enabled, all users can create and run arbitrary UDFs, including those who logged on anonymously.
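The configuration check described above can be automated when auditing nodes. The following is an added example, not code from the article or from JFrog; the three key names are the `cassandra.yaml` settings used by the 3.x and 4.0 releases (they do not appear in the article), and the sample files are constructed.

```python
import re

# Values Cassandra applies when a key is absent from cassandra.yaml.
DEFAULTS = {
    "enable_user_defined_functions": False,
    "enable_scripted_user_defined_functions": False,
    "enable_user_defined_functions_threads": True,
}

# Top-level "key: value" lines only; commented or indented lines never match.
_LINE = re.compile(r"^([A-Za-z_]+)\s*:\s*([^#\s]+)")

def read_udf_settings(yaml_text):
    """Small line scanner (not a full YAML parser) for the three UDF booleans."""
    settings = dict(DEFAULTS)
    for line in yaml_text.splitlines():
        m = _LINE.match(line)
        if m and m.group(1) in settings:
            settings[m.group(1)] = m.group(2).strip("'\"").lower() == "true"
    return settings

def assess(yaml_text):
    """Classify a cassandra.yaml by its exposure to the conditions in the article."""
    s = read_udf_settings(yaml_text)
    udf = s["enable_user_defined_functions"]
    # The scripted-UDF switch has no effect unless UDFs themselves are enabled.
    scripted = udf and s["enable_scripted_user_defined_functions"]
    if scripted and not s["enable_user_defined_functions_threads"]:
        return "VULNERABLE_CONFIG"      # scripts allowed, UDF threads disabled
    if scripted:
        return "SCRIPTED_UDF_ENABLED"   # Nashorn reachable, threads still on
    return "UDF_ENABLED" if udf else "UDF_DISABLED"

# Constructed sample: the non-default combination the article describes.
RISKY = """\
enable_user_defined_functions: true
enable_scripted_user_defined_functions: true
enable_user_defined_functions_threads: false   # turned off by an operator
"""

# Constructed sample: stock-like file with the risky line commented out.
STOCK = """\
cluster_name: 'Test Cluster'
enable_user_defined_functions: false
# enable_user_defined_functions_threads: false
"""

if __name__ == "__main__":
    for name, text in (("risky", RISKY), ("stock", STOCK)):
        print(name, assess(text))
```
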

In its white paper on CVE-2021-44521, JFrog detailed a process that allowed evading Cassandra's sandbox environment, demonstrated in its proof of concept (PoC). The security firm also noted the identification of some other flaws, including denial-of-service (DoS) attacks and other RCE vulnerabilities.


The post CVE-2021-44521: Critical code execution vulnerability in Apache Cassandra (CVSS score of 8.4) appeared first on Information Security Newspaper | Hacking News.
