[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE-2021-33191: Apache NiFi - MiNiFi C++: MiNiFi CPP arbitrary script execution is po
From: Arpad Boda <aboda () apache ! org>
Date: 2021-08-24 8:32:18
Message-ID: b9120cdb-8cca-699e-bcc2-f4e173b1f2bc () apache ! org
[Download RAW message or body]
Description:
From Apache NiFi MiNiFi C++ version 0.5.0 the c2 protocol implements an "agent-update" command \
which was designed to patch the application binary. This "patching" command defaults to \
calling a trusted binary, but might be modified to an arbitrary value through a "c2-update" \
command. Said command is then executed using the same privileges as the application binary. \
This was addressed in version 0.10.0
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic