#VU12913 Improper authentication in ZooKeeper - CVE-2018-8012

Cybersecurity Help s.r.o.

Published: 2018-05-22

Vulnerability identifier: #VU12913

Vulnerability risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-8012

CWE-ID: CWE-287

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
ZooKeeper
Server applications / Database software

Vendor: Apache Foundation

Description
The vulnerability allows a remote attacker to bypass authentication and write arbitrary files on the target system.

The weakness exists due to missing authentication to join a quorum. A remote attacker can bypass authentication, join the cluster and propagate changes to the cluster leader.

Mitigation
Update to version 3.4.10 or 3.5.4-beta.

Vulnerable software versions

ZooKeeper: 3.4.8 - 3.5.3 beta

External links
https://zookeeper.apache.org/security.html#CVE-2018-8012

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in IBM Security Guardium

Multiple vulnerabilities in IBM Planning Analytics Local

Multiple vulnerabilities in IBM PureData System for Operational Analytics

Debian update for zookeeper

Authentication bypass in Apache ZooKeeper