#VU16954 Security restrictions bypass in Thrift - CVE-2018-1320

Cybersecurity Help s.r.o.

Published: 2019-01-13

Vulnerability identifier: #VU16954

Vulnerability risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-1320

CWE-ID: CWE-200

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Thrift
Server applications / Frameworks for developing and running applications

Vendor: Apache Foundation

Description

The vulnerability allows a remote attacker to gain access to bypass security restrictions.

The vulnerability exists due to unspecified flaw. A remote attacker can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making the validation incomplete.

Mitigation
Update to version 0.12.0.

Vulnerable software versions

Thrift: 0.5.0 - 0.11.0

External links
https://lists.apache.org/thread.html/da5234b5e78f1c99190407f791dfe1bf6c58de8d30d15974a9669be3@%3Cuser.thrift.apache.org%3E

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Security restrictions bypass in IBM Watson Assistant for IBM Cloud Pak for Data

Multiple vulnerabilities in IBM Application Performance Management products

Multiple vulnerabilities in Netcool Operations Insight

Multiple vulnerabilities in IBM Integration Bus

IBM Security Guardium update for Apache Thrift

Multiple vulnerabilities in Red Hat Fuse

Multiple vulnerabilities in Apache Thrift Node.js