'[oss-security] CVE-2021-33191: Apache NiFi - MiNiFi C++: MiNiFi CPP arbitrary script execution is po'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] CVE-2021-33191: Apache NiFi - MiNiFi C++: MiNiFi CPP arbitrary script execution is po
From:       Arpad Boda <aboda () apache ! org>
Date:       2021-08-24 8:32:18
Message-ID: b9120cdb-8cca-699e-bcc2-f4e173b1f2bc () apache ! org
[Download RAW message or body]

Description:

From Apache NiFi MiNiFi C++ version 0.5.0 the c2 protocol implements an "agent-update" command \
which was designed to patch the application binary.  This "patching" command defaults to \
calling a trusted binary, but might be modified to an arbitrary value through a "c2-update" \
command. Said command is then executed using the same privileges as the application binary.  \
This was addressed in version 0.10.0

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic