FreeBSD : cassandra -- remote execution of arbitrary code (607f4d44-0158-11e5-8fda-002590263bf5)

high Nessus Plugin ID 83796

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Jake Luciani reports :

Under its default configuration, Cassandra binds an unauthenticated JMX/RMI interface to all network interfaces. As RMI is an API for the transport and remote execution of serialized Java, anyone with access to this interface can execute arbitrary code as the running user.

Mitigation :

1.2.x has reached EOL, so users of <= 1.2.x are recommended to upgrade to a supported version of Cassandra, or manually configure encryption and authentication of JMX, (see https://wiki.apache.org/cassandra/JmxSecurity).

2.0.x users should upgrade to 2.0.14

2.1.x users should upgrade to 2.1.4

Alternately, users of any version not wishing to upgrade can reconfigure JMX/RMI to enable encryption and authentication according to https://wiki.apache.org/cassandra/JmxSecurityor http://docs.oracle.com/javase/7/docs/technotes/guides/management/agent .html

Credit :

This issue was discovered by Georgi Geshev of MWR InfoSecurity

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?7d129bca

http://www.nessus.org/u?3dacb89c

Plugin Details

Severity: High

ID: 83796

File Name: freebsd_pkg_607f4d44015811e58fda002590263bf5.nasl

Version: 2.4

Type: local

Published: 5/26/2015

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:cassandra, p-cpe:/a:freebsd:freebsd:cassandra2, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 5/24/2015

Vulnerability Publication Date: 4/1/2015

Reference Information

CVE: CVE-2015-0225