oss-sec mailing list archives
CVE-2016-6809: Java code execution for serialized objects embedded in MATLAB files parsed by Apache Solr using Tika
From: Shalin Shekhar Mangar <shalin () apache org>
Date: Thu, 26 Oct 2017 17:15:24 +0530
CVE-2016-6809: Java code execution for serialized objects embedded in MATLAB files parsed by Apache Solr using Tika Severity: Important Vendor: The Apache Software Foundation Versions Affected: Solr 5.0.0 to 5.5.4 Solr 6.0.0 to 6.6.1 Solr 7.0.0 to 7.0.1 Description: Apache Solr uses Apache Tika for parsing binary file types such as doc, xls, pdf etc. Apache Tika wraps the jmatio parser (https://github.com/gradusnikov/jmatio) to handle MATLAB files. The parser uses native deserialization on serialized Java objects embedded in MATLAB files. A malicious user could inject arbitrary code into a MATLAB file that would be executed when the object is deserialized. This vulnerability was originally described at http://mail-archives.apache.org/mod_mbox/tika-user/201611.mbox/%3C2125912914.1308916.1478787314903%40mail.yahoo.com%3E Mitigation: Users are advised to upgrade to either Solr 5.5.5 or Solr 6.6.2 or Solr 7.1.0 releases which have fixed this vulnerability. Solr 5.5.5 upgrades the jmatio parser to v1.2 and disables the Java deserialisation support to protect against this vulnerability. Solr 6.6.2 and Solr 7.1.0 have upgraded the bundled Tika to v1.16. Once upgrade is complete, no other steps are required. References: https://issues.apache.org/jira/browse/SOLR-11486 https://issues.apache.org/jira/browse/SOLR-10335 https://wiki.apache.org/solr/SolrSecurity -- Regards, Shalin Shekhar Mangar.
Current thread:
- CVE-2016-6809: Java code execution for serialized objects embedded in MATLAB files parsed by Apache Solr using Tika Shalin Shekhar Mangar (Oct 26)