{"id":1096572,"date":"2024-01-11T13:41:56","date_gmt":"2024-01-11T15:41:56","guid":{"rendered":"https:\/\/teknomers.com\/fr\/un-nouvel-exploit-poc-pour-la-vulnerabilite-apache-ofbiz-presente-un-risque-pour-les-systemes-erp\/"},"modified":"2024-01-11T13:42:00","modified_gmt":"2024-01-11T15:42:00","slug":"un-nouvel-exploit-poc-pour-la-vulnerabilite-apache-ofbiz-presente-un-risque-pour-les-systemes-erp","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/un-nouvel-exploit-poc-pour-la-vulnerabilite-apache-ofbiz-presente-un-risque-pour-les-systemes-erp\/","title":{"rendered":"Un nouvel exploit PoC pour la vuln\u00e9rabilit\u00e9 Apache OfBiz pr\u00e9sente un risque pour les syst\u00e8mes ERP"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">11 janvier 2024<\/span><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">R\u00e9daction<\/span><\/span><span class=\"p-tags\">Vuln\u00e9rabilit\u00e9 \/ Cyberattaque<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><a rel=\"nofollow\" href=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2024\/01\/Un-nouvel-exploit-PoC-pour-la-vulnerabilite-Apache-OfBiz-presente.jpg\" style=\"clear: left; display: block; float: left; text-align: center;\"><\/a><\/div>\n<p>Les chercheurs en cybers\u00e9curit\u00e9 ont <a rel=\"nofollow noopener\" href=\"https:\/\/vulncheck.com\/blog\/ofbiz-cve-2023-51467\" target=\"_blank\">d\u00e9velopp\u00e9<\/a> un code de preuve de concept (PoC) qui exploite une faille critique r\u00e9cemment r\u00e9v\u00e9l\u00e9e dans le syst\u00e8me open source Enterprise Resource Planning (ERP) Apache OfBiz pour ex\u00e9cuter une charge utile r\u00e9sidant en m\u00e9moire.<\/p>\n<p>La vuln\u00e9rabilit\u00e9 en question est <a rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-51467\" target=\"_blank\">CVE-2023-51467<\/a> (score CVSS : 9,8), un contournement pour une autre lacune grave du m\u00eame logiciel (<a rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-49070\" target=\"_blank\">CVE-2023-49070<\/a>score CVSS : 9,8) qui pourrait \u00eatre utilis\u00e9e pour contourner l&#8217;authentification et ex\u00e9cuter du code arbitraire \u00e0 distance.<\/p>\n<p>Alors qu&#8217;il a \u00e9t\u00e9 r\u00e9par\u00e9 dans <a rel=\"nofollow noopener\" href=\"https:\/\/ofbiz.apache.org\/security.html\" target=\"_blank\">Apache OFbiz version 18.12.11<\/a> publi\u00e9 le mois dernier, des acteurs malveillants ont \u00e9t\u00e9 observ\u00e9s tentant d&#8217;exploiter la faille, ciblant les instances vuln\u00e9rables.<\/p>\n<p>Les derni\u00e8res d\u00e9couvertes de VulnCheck montrent que CVE-2023-51467 peut \u00eatre exploit\u00e9 pour ex\u00e9cuter une charge utile directement depuis la m\u00e9moire, ne laissant que peu ou pas de traces d&#8217;activit\u00e9 malveillante.<\/p>\n<div class=\"check_two clear babsi\"><center class=\"cf\"><a rel=\"nofollow noopener\" href=\"https:\/\/thn.news\/BHcgTukm\" target=\"_blank\" title=\"Cybersecurity\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"La cyber-s\u00e9curit\u00e9\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2024\/01\/1704092918_732_Nouveau-JinxLoader-ciblant-les-utilisateurs-avec-les-logiciels-malveillants-Formbook.jpg\" width=\"727\" height=\"90\"\/><\/a><\/center><\/div>\n<p>Failles de s\u00e9curit\u00e9 divulgu\u00e9es dans Apache OFBiz (par exemple, <a rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2020-9496\" target=\"_blank\">CVE-2020-9496<\/a>) ont \u00e9t\u00e9 <a rel=\"nofollow noopener\" href=\"https:\/\/cujo.com\/blog\/the-sysrv-botnet-and-how-it-evolved\/\" target=\"_blank\">exploit\u00e9<\/a> par des acteurs malveillants dans le pass\u00e9, y compris par des acteurs malveillants associ\u00e9s au botnet Sysrv.  Encore un bug vieux de trois ans dans le logiciel (<a rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-29200\" target=\"_blank\">CVE-2021-29200<\/a>) a <a rel=\"nofollow noopener\" href=\"https:\/\/viz.greynoise.io\/tag\/apache-ofbiz-deserialization-rce-attempt?days=30\" target=\"_blank\">\u00e9t\u00e9 t\u00e9moin<\/a> tentatives d&#8217;exploitation \u00e0 partir de 29 adresses IP uniques au cours des 30 derniers jours, selon les donn\u00e9es de GreyNoise.<\/p>\n<p>De plus, Apache OFBiz a \u00e9galement \u00e9t\u00e9 l&#8217;un des premiers produits \u00e0 disposer d&#8217;un <a rel=\"nofollow noopener\" href=\"https:\/\/attackerkb.com\/topics\/in9sPR2Bzt\/cve-2021-44228-log4shell\/rapid7-analysis\" target=\"_blank\">exploit public<\/a> pour Log4Shell (CVE-2021-44228), illustrant qu&#8217;il continue d&#8217;int\u00e9resser \u00e0 la fois les d\u00e9fenseurs et les attaquants.<\/p>\n<div class=\"separator\" style=\"clear: both;\"><a rel=\"nofollow\" href=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2024\/01\/1704987715_155_Un-nouvel-exploit-PoC-pour-la-vulnerabilite-Apache-OfBiz-presente.jpg\" style=\"clear: left; display: block; float: left; text-align: center;\"><img decoding=\"async\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2024\/01\/1704987715_155_Un-nouvel-exploit-PoC-pour-la-vulnerabilite-Apache-OfBiz-presente.jpg\" alt=\"Vuln\u00e9rabilit\u00e9 Apache OfBiz\" border=\"0\" data-original-height=\"430\" data-original-width=\"728\" title=\"Vuln\u00e9rabilit\u00e9 Apache OfBiz\"\/><\/a><\/div>\n<p>CVE-2023-51467 ne fait pas exception, avec des d\u00e9tails sur un <a rel=\"nofollow noopener\" href=\"https:\/\/y4tacker.github.io\/2023\/12\/27\/year\/2023\/12\/Apache-OFBiz%E6%9C%AA%E6%8E%88%E6%9D%83%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%B5%85%E6%9E%90-CVE-2023-51467\/\" target=\"_blank\">point de terminaison d&#8217;ex\u00e9cution de code \u00e0 distance<\/a> (&#8220;\/webtools\/control\/ProgramExport&#8221;) ainsi que <a rel=\"nofollow noopener\" href=\"https:\/\/xz.aliyun.com\/t\/13211?time__1311=mqmxnDBD9AYDq40vd4%2BxCwuQUG8WHaK1e4D\" target=\"_blank\">PoC pour l&#8217;ex\u00e9cution des commandes<\/a> \u00e9mergeant quelques jours seulement apr\u00e8s la divulgation publique.<\/p>\n<p>Bien que les garde-corps de s\u00e9curit\u00e9 (c.-\u00e0-d. <a rel=\"nofollow noopener\" href=\"https:\/\/issues.apache.org\/jira\/browse\/OFBIZ-12305\" target=\"_blank\">Un bac \u00e0 sable g\u00e9nial<\/a>) ont \u00e9t\u00e9 \u00e9rig\u00e9s de telle sorte qu&#8217;ils <a rel=\"nofollow noopener\" href=\"https:\/\/github.com\/apache\/ofbiz-framework\/blob\/9bd538be3eef75eba33ae1c40e88ba7f90b2bdce\/framework\/security\/config\/security.properties#L274\" target=\"_blank\">bloquer toute tentative<\/a> Pour t\u00e9l\u00e9charger des shells Web arbitraires ou ex\u00e9cuter du code Java via le point de terminaison, la nature incompl\u00e8te du bac \u00e0 sable signifie qu&#8217;un attaquant pourrait ex\u00e9cuter des commandes curl et obtenir un shell invers\u00e9 bash sur les syst\u00e8mes Linux.<\/p>\n<div class=\"check_two clear babsi\"><center class=\"cf\"><a rel=\"nofollow noopener\" href=\"https:\/\/thn.news\/3UvK59NV\" target=\"_blank\" title=\"Cybersecurity\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"La cyber-s\u00e9curit\u00e9\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2024\/01\/Nouveau-JinxLoader-ciblant-les-utilisateurs-avec-les-logiciels-malveillants-Formbook.png\" width=\"727\" height=\"90\"\/><\/a><\/center><\/div>\n<p>&#8220;Pour un attaquant avanc\u00e9, cependant, ces charges utiles ne sont pas id\u00e9ales&#8221;, a d\u00e9clar\u00e9 Jacob Baines, directeur de la technologie de VulnCheck.  &#8220;Ils touchent le disque et s&#8217;appuient sur un comportement sp\u00e9cifique \u00e0 Linux.&#8221;<\/p>\n<p>Le <a rel=\"nofollow noopener\" href=\"https:\/\/github.com\/vulncheck-oss\/cve-2023-51467\" target=\"_blank\">Exploit bas\u00e9 sur Go<\/a> con\u00e7ue par VulnCheck est une solution multiplateforme qui fonctionne \u00e0 la fois sous Windows et Linux et qui contourne la liste noire en tirant parti de <a rel=\"nofollow noopener\" href=\"https:\/\/docs.groovy-lang.org\/latest\/html\/api\/groovy\/util\/Eval.html\" target=\"_blank\">Fonctions groovy.util.Eval<\/a> pour lancer un shell invers\u00e9 Nashorn en m\u00e9moire comme charge utile.<\/p>\n<p>&#8220;OFBiz n&#8217;est pas tr\u00e8s populaire, mais il a \u00e9t\u00e9 exploit\u00e9 dans le pass\u00e9. Il y a beaucoup de battage m\u00e9diatique autour de CVE-2023-51467, mais aucune charge utile publique militaris\u00e9e, ce qui remet en question si cela \u00e9tait m\u00eame possible&#8221;, a d\u00e9clar\u00e9 Baines.  &#8220;Nous avons conclu que non seulement c&#8217;est possible, mais que nous pouvons r\u00e9aliser une ex\u00e9cution arbitraire de code en m\u00e9moire.&#8221;<\/p>\n<p><\/p>\n<div class=\"cf note-b\">Vous avez trouv\u00e9 cet article int\u00e9ressant ?  Suivez-nous sur <a rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/thehackersnews\" target=\"_blank\">Twitter <i class=\"icon-font icon-twitter\">\uf099<\/i><\/a>  et <a rel=\"nofollow noopener\" href=\"https:\/\/www.linkedin.com\/company\/thehackernews\/\" target=\"_blank\">LinkedIn<\/a> pour lire plus de contenu exclusif que nous publions.<\/div>\n<\/div>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\n<br \/><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2024\/01\/new-poc-exploit-for-apache-ofbiz.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\ue80211 janvier 2024\ue804R\u00e9dactionVuln\u00e9rabilit\u00e9 \/ Cyberattaque Les chercheurs en cybers\u00e9curit\u00e9 ont d\u00e9velopp\u00e9 un code de preuve de concept (PoC) qui exploite une faille critique r\u00e9cemment r\u00e9v\u00e9l\u00e9e dans le syst\u00e8me open source Enterprise Resource Planning (ERP) Apache OfBiz pour ex\u00e9cuter une charge utile r\u00e9sidant en m\u00e9moire. La vuln\u00e9rabilit\u00e9 en question est CVE-2023-51467 (score CVSS : 9,8), un [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1096573,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[200292,43333,4168,4165,4161,200267,74589,3010,4159,4171,65,200271,200268,716,200269,200270,221841,54039,185,1085,326,128318,4172,4169,5046,4166,3667,4164],"class_list":["post-1096572","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-actualites-sur-la-cybersecurite","tag-apache","tag-comment-pirater","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-cyberactualites","tag-erp","tag-exploit","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-les","tag-logiciel-malveillant-rancongiciel","tag-mises-a-jour-sur-la-cybersecurite","tag-nouvel","tag-nouvelles-des-pirates","tag-nouvelles-sur-le-piratage","tag-ofbiz","tag-poc","tag-pour","tag-presente","tag-risque","tag-securite-des-informations","tag-securite-informatique","tag-securite-internet","tag-systemes","tag-violation-de-donnees","tag-vulnerabilite","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1096572","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=1096572"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1096572\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/1096573"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=1096572"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=1096572"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=1096572"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}