Rewterz

Rewterz Threat Alert – Remcos RAT – Active IOCs

November 19, 2021
Rewterz

Rewterz Threat Alert – Quasar RAT – Active IOCs

November 22, 2021

Rewterz Threat Advisory – Multiple Apache Ozone Vulnerabilities

Severity

High

Analysis Summary

CVE-2021-36372 

Apache Ozone could allow a remote authenticated attacker to bypass security restrictions, caused by an error when initially generated block tokens are persisted to the metadata database. An attacker could exploit this vulnerability to retrieve block tokens even after access is revoked.

CVE-2021-39231 

Apache Ozone could allow a remote attacker to bypass security restrictions, caused by the availability of various internal server-to-server RPC endpoints for connections. An attacker could exploit this vulnerability to download raw data from Datanode and Ozone manager and modify Ratis replication configuration

CVE-2021-39233 

Apache Ozone could allow a remote attacker to bypass security restrictions, caused by the improper authorization of container related Datanode requests of Ozone Datanode. An attacker could exploit this vulnerability to allow any client to make calls.

CVE-2021-39234 

Apache Ozone could allow a remote authenticated attacker to bypass security restrictions. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass security checks like ACL and gain access to an existing block.

CVE-2021-39235 

Apache Ozone could allow a remote authenticated attacker to bypass security restrictions, caused by the failure to check the access mode parameter of the block token by Ozone Datanode. An attacker could exploit this vulnerability to perform any write operation on the same block.

CVE-2021-39236 

Apache Ozone could allow a remote authenticated attacker to bypass security restrictions. By creating specific OM requests, an attacker could exploit this vulnerability to impersonate any other user.

CVE-2021-41532 

Apache Ozone could allow a remote attacker to obtain sensitive information, caused by a bug in Recon HTTP endpoints. An attacker could exploit this vulnerability to access the data from these endpoints.

Impact

  • Security Bypass
  • Unauthorized Access
  • Information Disclosure

Affected Vendors

Apache

Affected Products

  • Apache Ozone 1.1.0

Remediation

Upgrade to the latest version of Ozone, available from the Apache Website.

https://ozone.apache.org/

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.