[ https://issues.apache.org/jira/browse/IGNITE-8565?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ilya Kasnacheev updated IGNITE-8565:
------------------------------------
Labels: vulnerability (was: )
> Arbitrary code execution from GridClientJdkMarshaller
> -----------------------------------------------------
>
> Key: IGNITE-8565
> URL: https://issues.apache.org/jira/browse/IGNITE-8565
> Project: Ignite
> Issue Type: Bug
> Components: binary
> Reporter: Denis A. Magda
> Assignee: Andrey N. Gura
> Priority: Blocker
> Labels: vulnerability
> Fix For: 2.6
>
>
> The reported issue is related to the previously discovered and addressed
> vulnerability: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1295
> The vulnerability can be exploited if one sends a specially prepared form
> of a serialized object to one of the deserialization endpoints of some Ignite
> components.
> It was noticed that some results ended up in the `GridClientJdkMarshaller`,
> which is not protected by the measures that you put in place in
> CVE-2018-1295:
> https://lgtm.com/projects/g/apache/ignite/snapshot/ef232f82e217ed104f1d2be282612727a47c79ee/files/modules/core/src/main/java/org/apache/ignite/internal/client/marshaller/jdk/GridClientJdkMarshaller.java?#L66
> It looks like most of the results go through a polymorphic call of this
> following function (i.e., from the 4th result):
> https://lgtm.com/projects/g/apache/ignite/snapshot/ef232f82e217ed104f1d2be282612727a47c79ee/files/modules/core/src/main/java/org/apache/ignite/internal/client/impl/connection/GridClientConnectionManagerAdapter.java?sort=name&dir=ASC&mode=heatmap&showExcluded=false#L633
> Has to be mitigated using the same approach as in CVE-2018-1295.
> Use the following CVE when reporting to Mitre: *CVE-2018-8018*
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
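The mitigation the ticket asks for is a class filter applied before `ObjectInputStream` instantiates anything. The following added example is not Ignite's code or its actual CVE-2018-1295 fix; it shows the general shape of such a filter as an allowlisting `resolveClass` override, with a constructed `Ping` message type standing in for a legitimate client object.

```java
import java.io.*;
import java.util.Collections;
import java.util.Set;

public class FilteredDeserializationDemo {
  /** ObjectInputStream that rejects any class not on the allowlist before it is loaded. */
  static final class AllowlistObjectInputStream extends ObjectInputStream {
    private final Set<String> allowed;
    AllowlistObjectInputStream(InputStream in, Set<String> allowed) throws IOException {
      super(in);
      this.allowed = allowed;
    }
    @Override
    protected Class<?> resolveClass(ObjectStreamClass desc) throws IOException, ClassNotFoundException {
      // Runs before the class is loaded and before any readObject/readResolve of a gadget can fire.
      if (!allowed.contains(desc.getName()))
        throw new InvalidClassException(desc.getName(), "not on the deserialization allowlist");
      return super.resolveClass(desc);
    }
  }

  /** Constructed stand-in for a legitimate client message type (hypothetical, not an Ignite class). */
  static final class Ping implements Serializable {
    private static final long serialVersionUID = 1L;
    final String text;
    Ping(String text) { this.text = text; }
  }

  static byte[] marshal(Object obj) throws IOException {
    ByteArrayOutputStream bos = new ByteArrayOutputStream();
    try (ObjectOutputStream oos = new ObjectOutputStream(bos)) { oos.writeObject(obj); }
    return bos.toByteArray();
  }

  static Object unmarshal(byte[] bytes, Set<String> allowed) throws IOException, ClassNotFoundException {
    try (ObjectInputStream ois = new AllowlistObjectInputStream(new ByteArrayInputStream(bytes), allowed)) {
      return ois.readObject();
    }
  }

  public static void main(String[] args) throws Exception {
    Set<String> allowed = Collections.singleton(Ping.class.getName());
    Ping ok = (Ping) unmarshal(marshal(new Ping("hello")), allowed);
    System.out.println("accepted: " + ok.text);
    try { // java.util.Date is harmless, but it is not on the list, so it is refused the same way
      unmarshal(marshal(new java.util.Date()), allowed);
    } catch (InvalidClassException e) {
      System.out.println("rejected: " + e.getMessage());
    }
  }
}
```

On Java 9 and later the same policy can be expressed with the standard `ObjectInputFilter` (JEP 290) instead of overriding `resolveClass`; whichever mechanism is used, every JDK-marshaller entry point has to go through it, which is exactly the gap this ticket reports for `GridClientJdkMarshaller`.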