cnvd - cnvd-2020-34445

cnvd-2020-34445

Vulnerability from cnvd

Title: Apache Spark远程代码执行漏洞

Description:

Apache Spark是专为大规模数据处理而设计的快速通用的计算引擎。Apache Spark是一种与 Hadoop 相似的开源集群计算环境，启用了内存分布数据集，除了能够提供交互式查询外，它还可以优化迭代工作负载。

Apache Spark存在远程代码执行漏洞。该漏洞是由于Spark的认证机制存在缺陷，导致共享密钥认证失效。攻击者利用该漏洞在未授权的情况下，远程发送精心构造的过程调用指令，启动Spark集群上的应用程序资源，获得目标服务器的权限，实现远程代码执行。

Severity: 高

Patch Name: Apache Spark远程代码执行漏洞的补丁

Patch Description:

Apache Spark存在远程代码执行漏洞。该漏洞是由于Spark的认证机制存在缺陷，导致共享密钥认证失效。攻击者利用该漏洞在未授权的情况下，远程发送精心构造的过程调用指令，启动Spark集群上的应用程序资源，获得目标服务器的权限，实现远程代码执行。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

Apache官方已发布新版本修复此漏洞，CNVD建议用户立即升级至最新版本： https://github.com/apache/spark/releases

Reference: https://github.com/apache/spark/releases

Impacted products

Name
Apache Spark <=2.4.5

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-9480"
    }
  },
  "description": "Apache Spark\u662f\u4e13\u4e3a\u5927\u89c4\u6a21\u6570\u636e\u5904\u7406\u800c\u8bbe\u8ba1\u7684\u5feb\u901f\u901a\u7528\u7684\u8ba1\u7b97\u5f15\u64ce\u3002Apache Spark\u662f\u4e00\u79cd\u4e0e Hadoop \u76f8\u4f3c\u7684\u5f00\u6e90\u96c6\u7fa4\u8ba1\u7b97\u73af\u5883\uff0c\u542f\u7528\u4e86\u5185\u5b58\u5206\u5e03\u6570\u636e\u96c6\uff0c\u9664\u4e86\u80fd\u591f\u63d0\u4f9b\u4ea4\u4e92\u5f0f\u67e5\u8be2\u5916\uff0c\u5b83\u8fd8\u53ef\u4ee5\u4f18\u5316\u8fed\u4ee3\u5de5\u4f5c\u8d1f\u8f7d\u3002\n\nApache Spark\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8eSpark\u7684\u8ba4\u8bc1\u673a\u5236\u5b58\u5728\u7f3a\u9677\uff0c\u5bfc\u81f4\u5171\u4eab\u5bc6\u94a5\u8ba4\u8bc1\u5931\u6548\u3002\u653b\u51fb\u8005\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u672a\u6388\u6743\u7684\u60c5\u51b5\u4e0b\uff0c\u8fdc\u7a0b\u53d1\u9001\u7cbe\u5fc3\u6784\u9020\u7684\u8fc7\u7a0b\u8c03\u7528\u6307\u4ee4\uff0c\u542f\u52a8Spark\u96c6\u7fa4\u4e0a\u7684\u5e94\u7528\u7a0b\u5e8f\u8d44\u6e90\uff0c\u83b7\u5f97\u76ee\u6807\u670d\u52a1\u5668\u7684\u6743\u9650\uff0c\u5b9e\u73b0\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u3002",
  "formalWay": "Apache\u5b98\u65b9\u5df2\u53d1\u5e03\u65b0\u7248\u672c\u4fee\u590d\u6b64\u6f0f\u6d1e\uff0cCNVD\u5efa\u8bae\u7528\u6237\u7acb\u5373\u5347\u7ea7\u81f3\u6700\u65b0\u7248\u672c\uff1a\r\nhttps://github.com/apache/spark/releases",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-34445",
  "openTime": "2020-06-23",
  "patchDescription": "Apache Spark\u662f\u4e13\u4e3a\u5927\u89c4\u6a21\u6570\u636e\u5904\u7406\u800c\u8bbe\u8ba1\u7684\u5feb\u901f\u901a\u7528\u7684\u8ba1\u7b97\u5f15\u64ce\u3002Apache Spark\u662f\u4e00\u79cd\u4e0e Hadoop \u76f8\u4f3c\u7684\u5f00\u6e90\u96c6\u7fa4\u8ba1\u7b97\u73af\u5883\uff0c\u542f\u7528\u4e86\u5185\u5b58\u5206\u5e03\u6570\u636e\u96c6\uff0c\u9664\u4e86\u80fd\u591f\u63d0\u4f9b\u4ea4\u4e92\u5f0f\u67e5\u8be2\u5916\uff0c\u5b83\u8fd8\u53ef\u4ee5\u4f18\u5316\u8fed\u4ee3\u5de5\u4f5c\u8d1f\u8f7d\u3002\r\n\r\nApache Spark\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8eSpark\u7684\u8ba4\u8bc1\u673a\u5236\u5b58\u5728\u7f3a\u9677\uff0c\u5bfc\u81f4\u5171\u4eab\u5bc6\u94a5\u8ba4\u8bc1\u5931\u6548\u3002\u653b\u51fb\u8005\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u672a\u6388\u6743\u7684\u60c5\u51b5\u4e0b\uff0c\u8fdc\u7a0b\u53d1\u9001\u7cbe\u5fc3\u6784\u9020\u7684\u8fc7\u7a0b\u8c03\u7528\u6307\u4ee4\uff0c\u542f\u52a8Spark\u96c6\u7fa4\u4e0a\u7684\u5e94\u7528\u7a0b\u5e8f\u8d44\u6e90\uff0c\u83b7\u5f97\u76ee\u6807\u670d\u52a1\u5668\u7684\u6743\u9650\uff0c\u5b9e\u73b0\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apache Spark\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Apache Spark \u003c=2.4.5"
  },
  "referenceLink": "https://github.com/apache/spark/releases",
  "serverity": "\u9ad8",
  "submitTime": "2020-06-23",
  "title": "Apache Spark\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

CVE-2020-9480 (GCVE-0-2020-9480)

Vulnerability from cvelistv5

Published

2020-06-23 21:50

Modified

2024-08-04 10:26

Severity ?

CWE

Remote Code Execution

Summary

In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication (spark.authenticate) via a shared secret. When enabled, however, a specially-crafted RPC to the master can succeed in starting an application's resources on the Spark cluster, even without the shared key. This can be leveraged to execute shell commands on the host machine. This does not affect Spark clusters using other resource managers (YARN, Mesos, etc).

References

▼	URL	Tags
	https://spark.apache.org/security.html#CVE-2020-9480	x_refsource_CONFIRM
	https://lists.apache.org/thread.html/r03ad9fe7c07d6039fba9f2152d345274473cb0af3d8a4794a6645f4b%40%3Cuser.spark.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/ree9e87aae81852330290a478692e36ea6db47a52a694545c7d66e3e2%40%3Cdev.spark.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/rb3956440747e41940d552d377d50b144b60085e7ff727adb0e575d8d%40%3Ccommits.submarine.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/ra0e62a18ad080c4ce6df5e0202a27eaada75222761efc3f7238b5a3b%40%3Ccommits.doris.apache.org%3E	mailing-list, x_refsource_MLIST
	https://www.oracle.com/security-alerts/cpuApr2021.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache Spark	Version: Apache Spark 2.4.5 and earlier

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:26:16.324Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://spark.apache.org/security.html#CVE-2020-9480"
          },
          {
            "name": "[spark-user] 20200803 Re: CVE-2020-9480: Apache Spark RCE vulnerability in auth-enabled standalone master",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r03ad9fe7c07d6039fba9f2152d345274473cb0af3d8a4794a6645f4b%40%3Cuser.spark.apache.org%3E"
          },
          {
            "name": "[spark-dev] 20200803 Re: CVE-2020-9480: Apache Spark RCE vulnerability in auth-enabled standalone master",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ree9e87aae81852330290a478692e36ea6db47a52a694545c7d66e3e2%40%3Cdev.spark.apache.org%3E"
          },
          {
            "name": "[submarine-commits] 20201209 [GitHub] [submarine] QiAnXinCodeSafe opened a new issue #475: There is a vulnerability in Apache Spark 2.3.4,upgrade recommended",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb3956440747e41940d552d377d50b144b60085e7ff727adb0e575d8d%40%3Ccommits.submarine.apache.org%3E"
          },
          {
            "name": "[doris-commits] 20210402 [GitHub] [incubator-doris] zh0122 opened a new pull request #5593: [FE][Bug] Update Spark version to fix a security issue",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ra0e62a18ad080c4ce6df5e0202a27eaada75222761efc3f7238b5a3b%40%3Ccommits.doris.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Spark",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "Apache Spark 2.4.5 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Apache Spark 2.4.5 and earlier, a standalone resource manager\u0027s master may be configured to require authentication (spark.authenticate) via a shared secret. When enabled, however, a specially-crafted RPC to the master can succeed in starting an application\u0027s resources on the Spark cluster, even without the shared key. This can be leveraged to execute shell commands on the host machine. This does not affect Spark clusters using other resource managers (YARN, Mesos, etc)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-14T17:20:25",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://spark.apache.org/security.html#CVE-2020-9480"
        },
        {
          "name": "[spark-user] 20200803 Re: CVE-2020-9480: Apache Spark RCE vulnerability in auth-enabled standalone master",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r03ad9fe7c07d6039fba9f2152d345274473cb0af3d8a4794a6645f4b%40%3Cuser.spark.apache.org%3E"
        },
        {
          "name": "[spark-dev] 20200803 Re: CVE-2020-9480: Apache Spark RCE vulnerability in auth-enabled standalone master",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ree9e87aae81852330290a478692e36ea6db47a52a694545c7d66e3e2%40%3Cdev.spark.apache.org%3E"
        },
        {
          "name": "[submarine-commits] 20201209 [GitHub] [submarine] QiAnXinCodeSafe opened a new issue #475: There is a vulnerability in Apache Spark 2.3.4,upgrade recommended",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb3956440747e41940d552d377d50b144b60085e7ff727adb0e575d8d%40%3Ccommits.submarine.apache.org%3E"
        },
        {
          "name": "[doris-commits] 20210402 [GitHub] [incubator-doris] zh0122 opened a new pull request #5593: [FE][Bug] Update Spark version to fix a security issue",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ra0e62a18ad080c4ce6df5e0202a27eaada75222761efc3f7238b5a3b%40%3Ccommits.doris.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2020-9480",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache Spark",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Apache Spark 2.4.5 and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache Software Foundation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Apache Spark 2.4.5 and earlier, a standalone resource manager\u0027s master may be configured to require authentication (spark.authenticate) via a shared secret. When enabled, however, a specially-crafted RPC to the master can succeed in starting an application\u0027s resources on the Spark cluster, even without the shared key. This can be leveraged to execute shell commands on the host machine. This does not affect Spark clusters using other resource managers (YARN, Mesos, etc)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Remote Code Execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://spark.apache.org/security.html#CVE-2020-9480",
              "refsource": "CONFIRM",
              "url": "https://spark.apache.org/security.html#CVE-2020-9480"
            },
            {
              "name": "[spark-user] 20200803 Re: CVE-2020-9480: Apache Spark RCE vulnerability in auth-enabled standalone master",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r03ad9fe7c07d6039fba9f2152d345274473cb0af3d8a4794a6645f4b@%3Cuser.spark.apache.org%3E"
            },
            {
              "name": "[spark-dev] 20200803 Re: CVE-2020-9480: Apache Spark RCE vulnerability in auth-enabled standalone master",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ree9e87aae81852330290a478692e36ea6db47a52a694545c7d66e3e2@%3Cdev.spark.apache.org%3E"
            },
            {
              "name": "[submarine-commits] 20201209 [GitHub] [submarine] QiAnXinCodeSafe opened a new issue #475: There is a vulnerability in Apache Spark 2.3.4,upgrade recommended",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb3956440747e41940d552d377d50b144b60085e7ff727adb0e575d8d@%3Ccommits.submarine.apache.org%3E"
            },
            {
              "name": "[doris-commits] 20210402 [GitHub] [incubator-doris] zh0122 opened a new pull request #5593: [FE][Bug] Update Spark version to fix a security issue",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ra0e62a18ad080c4ce6df5e0202a27eaada75222761efc3f7238b5a3b@%3Ccommits.doris.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2020-9480",
    "datePublished": "2020-06-23T21:50:51",
    "dateReserved": "2020-03-01T00:00:00",
    "dateUpdated": "2024-08-04T10:26:16.324Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted