Goby/json/Hadoop-Yarn-RPC-service-una...

{
"Name": "Hadoop Yarn RPC service unauthorized access rce vulnerability",
"Description": "<p>Yarn is a Hadoop resource manager. It is a general resource management system and scheduling platform that can provide unified resource management and scheduling for upper-level applications.</p><p>The Hadoop Yarn RPC service (open to the outside world by default) has an RCE vulnerability caused by unauthorized access. Attackers can use this vulnerability to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.</p>",
"Product": "Apache-Hadoop",
"Homepage": "https://hadoop.apache.org",
"DisclosureDate": "2021-11-16",
"Author": "keeeee",
"FofaQuery": "app=\"APACHE-hadoop-YARN\"",
"GobyQuery": "app=\"APACHE-hadoop-YARN\"",
"Level": "3",
"Impact": "<p>Attackers can use this vulnerability to execute code arbitrarily on the server side, write backdoors, obtain server permissions, and then control the entire web server.</p>",
"Recommendation": "<p>1. Apache Hadoop officially recommends that users enable Kerberos authentication. The relevant configuration is as follows:</p><pre><code>&lt;property&gt;\n    &lt;name&gt;hadoop.security.authentication&lt;/name&gt;\n    &lt;value&gt;kerberos&lt;/value&gt;\n    &lt;final&gt;false&lt;/final&gt;\n    &lt;source&gt;core-site.xml&lt;/source&gt;\n&lt;/property&gt;\n...\n&lt;property&gt;\n    &lt;name&gt;hadoop.rpc.protection&lt;/name&gt;\n    &lt;value&gt;authentication&lt;/value&gt;\n    &lt;final&gt;false&lt;/final&gt;\n    &lt;source&gt;core-default.xml&lt;/source&gt;\n&lt;/property&gt;</code></pre><p>2. Restrict the port on which the Hadoop RPC service listens so that it is open only to trusted addresses.</p>",
"References": [
"https://nosec.org/home/detail/4905.html",
"https://help.aliyun.com/noticelist/articleid/1060952286.html",
"https://mp.weixin.qq.com/s/0F06a7GppFz3KV3XNb-Xrg"
],
"Is0day": false,
"Translation": {
"CN": {
"Name": "Hadoop Yarn RPC 服务未授权访问命令执行漏洞",
"Product": "Hadoop-Yarn",
"VulType": [
"命令执行"
],
"Tags": [
"命令执行"
],
"Description": "<p><span style=\"font-size: 16px;\">Yarn 是 Hadoop 资源管理器,它是一个通用资源管理系统和调度平台,可为上层应用提供统一的资源管理和调度。</span><br></p><p><span style=\"font-size: 16px;\">Hadoop Yarn RPC 服务(默认对外开放)存在<span style=\"color: rgb(22, 51, 102); font-size: 16px;\">未授权访问导致的 RCE 漏洞</span>。<span style=\"font-size: 16px;\">攻击者可通过该漏洞在服务器端任意执行代码写入后门获取服务器权限进而控制整个web服务器。</span><br></span></p>",
"Impact": "<p><span style=\"color: rgb(22, 51, 102); font-size: 16px;\">攻击者可通过该漏洞在服务器端任意执行代码写入后门获取服务器权限进而控制整个web服务器。</span><br></p>",
"Recommendation": "<p>1、Apache Hadoop官方建议用户开启Kerberos认证相关配置如下</p><pre><code><span role=\"presentation\" style=\"padding-right: 0.1px;\">&lt;property&gt;</span><br style=\"box-sizing: content-box;\"><span role=\"presentation\" style=\"padding-right: 0.1px;\"> &nbsp; &lt;name&gt;hadoop.security.authentication&lt;/name&gt;</span><br style=\"box-sizing: content-box;\"><span role=\"presentation\" style=\"padding-right: 0.1px;\"> &nbsp; &lt;value&gt;kerberos&lt;/value&gt;</span><br style=\"box-sizing: content-box;\"><span role=\"presentation\" style=\"padding-right: 0.1px;\"> &nbsp; &lt;final&gt;false&lt;/final&gt;</span><br style=\"box-sizing: content-box;\"><span role=\"presentation\" style=\"padding-right: 0.1px;\"> &nbsp; &lt;source&gt;core-site.xml&lt;/source&gt;</span><br style=\"box-sizing: content-box;\"><span role=\"presentation\" style=\"padding-right: 0.1px;\">&lt;/property&gt;...</span><br style=\"box-sizing: content-box;\"><span role=\"presentation\" style=\"padding-right: 0.1px;\">&lt;property&gt;</span><br style=\"box-sizing: content-box;\"><span role=\"presentation\" style=\"padding-right: 0.1px;\"> &nbsp; &lt;name&gt;hadoop.rpc.protection&lt;/name&gt;</span><br style=\"box-sizing: content-box;\"><span role=\"presentation\" style=\"padding-right: 0.1px;\"> &nbsp; &lt;value&gt;authentication&lt;/value&gt;</span><br style=\"box-sizing: content-box;\"><span role=\"presentation\" style=\"padding-right: 0.1px;\"> &nbsp; &lt;final&gt;false&lt;/final&gt;</span><br style=\"box-sizing: content-box;\"><span role=\"presentation\" style=\"padding-right: 0.1px;\"> &nbsp; &lt;source&gt;core-default.xml&lt;/source&gt;</span><br style=\"box-sizing: content-box;\"><span role=\"presentation\" style=\"padding-right: 0.1px;\">&lt;/property&gt;</span></code></pre><p>2、设置 Hadoop RPC服务所在端口仅对可信地址开放。</p>"
}
},
"HasExp": true,
"ExpParams": [
{
"name": "AttackType",
"type": "select",
"value": "goby_shell_linux,goby_shell_windows"
}
],
"ExpTips": {
"Type": "",
"Content": ""
},
"ScanSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/test.php",
"follow_redirect": true,
"header": {},
"data_type": "text",
"data": ""
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "test",
"bz": ""
}
]
},
"SetVariable": []
}
],
"ExploitSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/test.php",
"follow_redirect": true,
"header": {},
"data_type": "text",
"data": ""
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "test",
"bz": ""
}
]
},
"SetVariable": []
}
],
"Tags": [
"rce"
],
"VulType": [
"rce"
],
"CVEIDs": [
""
],
"CNNVD": [
""
],
"CNVD": [
""
],
"CVSSScore": "9.8",
"AttackSurfaces": {
"Application": null,
"Support": null,
"Service": null,
"System": null,
"Hardware": null
}
}