[ https://issues.apache.org/jira/browse/SOLR-13301?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16797332#comment-16797332 ]

Gerrit Berberich commented on SOLR-13301:
-----------------------------------------

Dear Sir or Madam,
Thank you for your e-mail.
I will be back in the office on 21.03.2019 and will have only occasional access to my e-mails.
Please note that your e-mail will not be forwarded.
In urgent cases, please contact the SAP B1 or IC service (Confluence/Website/Intranet).
itp.sap-b1-servi...@de.ebmpapst.com
it....@de.ebmpapst.com

Dear Sir or Madam,
Thank you for your e-mail.
I'm out of office and will deal with your request personally upon my return on 21.03.2019.
Please note that your e-mail will not be forwarded and I will check my e-mails only occasionally.
If the matter is rather urgent, however, you can contact the SAP B1 or IC-Service (Confluence/Website/Intranet).

Mit freundlichen Grüßen / Best regards
Gerrit Berberich
ebm-papst IT (Mulfingen)
Team Lead Business Solutions
ebm-papst Mulfingen GmbH & Co. KG
Amtstraße 85
74673 Mulfingen – Hollenbach

Phone: +49 (7938) 81 7991
Fax: +49 (7938) 81 97991
gerrit.berber...@de.ebmpapst.com
http://www.ebmpapst.com

ebm-papst Mulfingen GmbH & Co. KG
Registered office: Bachmühle 2, D-74673 Mulfingen
Limited partnership, registered office Mulfingen: Amtsgericht Stuttgart HRA 590344
General partner: Elektrobau Mulfingen GmbH, registered office Mulfingen, Amtsgericht Stuttgart HRB 590142
Management: Stefan Brandl (Chairman), Hans Peter Fuchs, Dr. Stephan Arnold, Thomas Wagner


> [CVE-2019-0192] Deserialization of untrusted data via jmx.serviceUrl
> --------------------------------------------------------------------
>
>                 Key: SOLR-13301
>                 URL: https://issues.apache.org/jira/browse/SOLR-13301
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: config-api
>    Affects Versions: 5.0, 5.1, 5.2, 5.2.1, 5.3, 5.3.1, 5.3.2, 5.4, 5.4.1, 
> 5.5, 5.5.1, 5.5.2, 5.5.3, 5.5.4, 5.5.5, 6.0, 6.0.1, 6.1, 6.1.1, 6.2, 6.2.1, 
> 6.3, 6.4, 6.4.1, 6.4.2, 6.5, 6.5.1, 6.6, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5
>            Reporter: Tomás Fernández Löbbe
>            Priority: Critical
>             Fix For: 7.0
>
>         Attachments: SOLR-13301.patch
>
>
> From the vulnerability reporter:
> {quote}ConfigAPI allows setting a jmx.serviceUrl that will create a new 
> [JMXConnectorServerFactory|https://docs.oracle.com/javase/7/docs/api/javax/management/remote/JMXConnectorServerFactory.html]
> and trigger a call with 'bind' operation to a target RMI/LDAP server. A 
> malicious RMI server could respond with an arbitrary object that will be 
> deserialized on the Solr side using java's ObjectInputStream, which is 
> considered unsafe. This type of vulnerability can be exploited with the 
> ysoserial tool. Depending on the target classpath, an attacker can use one of 
> the "gadget chains" to trigger Remote Code Execution on the Solr side.
> {quote}
> Mitigation:
>  Any of the following are enough to prevent this vulnerability:
>  * Upgrade to Apache Solr 7.0 or later.
>  * Disable the ConfigAPI if not in use, by running Solr with the system 
> property {{disable.configEdit=true}}
>  * If upgrading or disabling the Config API are not viable options, apply 
> [^SOLR-13301.patch] and re-compile Solr.
>  * Ensure your network settings are configured so that only trusted traffic 
> is allowed to ingress/egress your hosts running Solr.
> Since Solr 7.0, the JMX server is no longer configurable via the API.
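
As an added defensive check (written for this page, not code from the issue, the patch or Solr itself): a small Python audit that applies the conditions the quoted issue states, namely an affected 5.x/6.x version, a `<jmx serviceUrl="...">` in solrconfig.xml that points at a non-local RMI/JNDI endpoint, and whether the `disable.configEdit=true` mitigation is present in the JVM arguments. The solrconfig.xml excerpt and JVM argument list are constructed sample input; it assumes the reader can obtain both from the node being audited.

```python
"""Audit a Solr node for the CVE-2019-0192 exposure described in SOLR-13301."""
import re
import xml.etree.ElementTree as ET

# Constructed solrconfig.xml excerpt. The <jmx> serviceUrl is the setting the
# issue says the Config API can rewrite to point at an untrusted RMI server.
SAMPLE_SOLRCONFIG = """
<config>
  <luceneMatchVersion>6.6.5</luceneMatchVersion>
  <jmx serviceUrl="service:jmx:rmi:///jndi/rmi://203.0.113.5:1099/solr"/>
</config>
"""


def is_affected_version(version: str) -> bool:
    """True for 5.0 <= version < 7.0 (issue lists 5.0 .. 6.6.5, fixed in 7.0)."""
    m = re.match(r"(\d+(?:\.\d+)*)", version)
    if not m:
        return False
    parts = tuple(int(p) for p in m.group(1).split("."))
    return (5, 0) <= parts < (7, 0)


def find_jmx_service_urls(solrconfig_xml: str) -> list:
    """Return every serviceUrl set on a <jmx> element in solrconfig.xml."""
    root = ET.fromstring(solrconfig_xml)
    return [el.get("serviceUrl") for el in root.iter("jmx") if el.get("serviceUrl")]


def is_remote_rmi(service_url: str) -> bool:
    """Flag a JNDI/RMI service URL whose registry host is not the local machine."""
    hosts = [h for h in re.findall(r"//([^/:]*)", service_url) if h]
    return bool(hosts) and hosts[-1] not in ("localhost", "127.0.0.1", "::1")


def config_edit_disabled(jvm_args: list) -> bool:
    """True when Solr runs with the issue's mitigation, -Ddisable.configEdit=true."""
    return "-Ddisable.configEdit=true" in jvm_args


def audit(version: str, solrconfig_xml: str, jvm_args: list) -> dict:
    """Combine the checks; 'exposed' means the Config API can still set jmx.serviceUrl."""
    urls = find_jmx_service_urls(solrconfig_xml)
    result = {
        "affected_version": is_affected_version(version),
        "remote_jmx_urls": [u for u in urls if is_remote_rmi(u)],  # review these
        "config_edit_disabled": config_edit_disabled(jvm_args),
    }
    result["exposed"] = result["affected_version"] and not result["config_edit_disabled"]
    return result


if __name__ == "__main__":
    print(audit("6.6.5", SAMPLE_SOLRCONFIG, ["-Xmx512m"]))
```

Config API edits are persisted in the config overlay rather than in solrconfig.xml, so a complete audit also reviews the overlay for a jmx serviceUrl.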



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
