{"id":1136356,"date":"2024-02-06T17:03:30","date_gmt":"2024-02-06T19:03:30","guid":{"rendered":"https:\/\/teknomers.com\/fr\/des-experts-detaillent-les-nouvelles-failles-des-services-azure-hdinsight-spark-kafka-et-hadoop\/"},"modified":"2024-02-06T17:03:34","modified_gmt":"2024-02-06T19:03:34","slug":"des-experts-detaillent-les-nouvelles-failles-des-services-azure-hdinsight-spark-kafka-et-hadoop","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/des-experts-detaillent-les-nouvelles-failles-des-services-azure-hdinsight-spark-kafka-et-hadoop\/","title":{"rendered":"Des experts d\u00e9taillent les nouvelles failles des services Azure HDInsight Spark, Kafka et Hadoop"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">06 f\u00e9vrier 2024<\/span><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">R\u00e9daction<\/span><\/span><span class=\"p-tags\">Vuln\u00e9rabilit\u00e9\/S\u00e9curit\u00e9 du Cloud<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><a rel=\"nofollow\" href=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2024\/02\/Des-experts-detaillent-les-nouvelles-failles-des-services-Azure-HDInsight.jpg\" style=\"clear: left; display: block; float: left; text-align: center;\"><\/a><\/div>\n<p>Trois nouvelles vuln\u00e9rabilit\u00e9s de s\u00e9curit\u00e9 ont \u00e9t\u00e9 d\u00e9couvertes dans Apache d&#8217;Azure HDInsight <a rel=\"nofollow noopener\" href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/hdinsight\/hadoop\/apache-hadoop-introduction\" target=\"_blank\">Hadoop<\/a>, <a rel=\"nofollow noopener\" href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/hdinsight\/kafka\/apache-kafka-introduction\" target=\"_blank\">Kafka<\/a>et <a rel=\"nofollow noopener\" href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/hdinsight\/spark\/apache-spark-overview\" target=\"_blank\">\u00c9tincelle<\/a> services qui pourraient \u00eatre exploit\u00e9s pour obtenir une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service d&#8217;expression r\u00e9guli\u00e8re (<a rel=\"nofollow noopener\" href=\"https:\/\/owasp.org\/www-community\/attacks\/Regular_expression_Denial_of_Service_-_ReDoS\" target=\"_blank\">ReDoS<\/a>) condition.<\/p>\n<p>&#8220;Les nouvelles vuln\u00e9rabilit\u00e9s affectent tout utilisateur authentifi\u00e9 des services Azure HDInsight tels qu&#8217;Apache Ambari et Apache Oozie&#8221;, a d\u00e9clar\u00e9 Lidor Ben Shitrit, chercheur en s\u00e9curit\u00e9 chez Orca. <a rel=\"nofollow noopener\" href=\"https:\/\/orca.security\/resources\/blog\/azure-hd-insight-vulnerabilities-privilege-escalation\/\" target=\"_blank\">dit<\/a> dans un rapport technique partag\u00e9 avec The Hacker News.<\/p>\n<div class=\"check_two clear babsi\"><center class=\"cf\"><a rel=\"nofollow noopener\" href=\"https:\/\/thn.news\/tl_d1\" target=\"_blank\" title=\"Cybersecurity\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"La cyber-s\u00e9curit\u00e9\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2024\/01\/Les-attaques-DDoS-contre-le-secteur-des-services-environnementaux-augmentent.gif\" width=\"727\" height=\"90\"\/><\/a><\/center><\/div>\n<p>La liste des d\u00e9fauts est la suivante &#8211;<\/p>\n<ul>\n<li><a rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-36419\" target=\"_blank\"><strong>CVE-2023-36419<\/strong><\/a>  (score CVSS : 8,8) &#8211; Azure HDInsight Apache Oozie Workflow Scheduler XML External Entity (XXE) Vuln\u00e9rabilit\u00e9 d&#8217;\u00e9l\u00e9vation de privil\u00e8ges par injection<\/li>\n<li><a rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-38156\" target=\"_blank\"><strong>CVE-2023-38156<\/strong><\/a>  (score CVSS : 7,2) &#8211; Azure HDInsight Apache Ambari Java Database Connectivity (JDBC) Vuln\u00e9rabilit\u00e9 d&#8217;\u00e9l\u00e9vation de privil\u00e8ges par injection<\/li>\n<li>Vuln\u00e9rabilit\u00e9 de d\u00e9ni de service (ReDoS) dans les expressions r\u00e9guli\u00e8res Azure HDInsight Apache Oozie (pas de CVE)<\/li>\n<\/ul>\n<p>Les deux failles d&#8217;\u00e9l\u00e9vation de privil\u00e8ges pourraient \u00eatre exploit\u00e9es par un attaquant authentifi\u00e9 ayant acc\u00e8s au cluster HDI cible pour envoyer une requ\u00eate r\u00e9seau sp\u00e9cialement con\u00e7ue et obtenir les privil\u00e8ges d&#8217;administrateur du cluster.<\/p>\n<div class=\"separator\" style=\"clear: both;\"><a rel=\"nofollow\" href=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2024\/02\/1707246209_59_Des-experts-detaillent-les-nouvelles-failles-des-services-Azure-HDInsight.jpg\" style=\"clear: left; display: block; float: left; text-align: center;\"><img decoding=\"async\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2024\/02\/1707246209_59_Des-experts-detaillent-les-nouvelles-failles-des-services-Azure-HDInsight.jpg\" alt=\"Services Azure HDInsight Spark, Kafka et Hadoop\" border=\"0\" data-original-height=\"720\" data-original-width=\"728\" title=\"Services Azure HDInsight Spark, Kafka et Hadoop\"\/><\/a><\/div>\n<p>La faille XXE est le r\u00e9sultat d&#8217;un manque de validation des entr\u00e9es utilisateur permettant la lecture de fichiers au niveau racine et l&#8217;\u00e9l\u00e9vation des privil\u00e8ges, tandis que la faille d&#8217;injection JDBC pourrait \u00eatre utilis\u00e9e comme arme pour obtenir un shell invers\u00e9 en tant que root.<\/p>\n<p>&#8220;La vuln\u00e9rabilit\u00e9 ReDoS sur Apache Oozie \u00e9tait caus\u00e9e par un manque de validation des entr\u00e9es et d&#8217;application des contraintes, et permettait \u00e0 un attaquant de demander une large gamme d&#8217;ID d&#8217;action et de provoquer une op\u00e9ration en boucle intensive, conduisant \u00e0 un d\u00e9ni de service (DoS). &#8220;, a expliqu\u00e9 Ben Shitrit.<\/p>\n<p>Une exploitation r\u00e9ussie de la vuln\u00e9rabilit\u00e9 ReDoS pourrait entra\u00eener une perturbation des op\u00e9rations du syst\u00e8me, entra\u00eener une d\u00e9gradation des performances et avoir un impact n\u00e9gatif sur la disponibilit\u00e9 et la fiabilit\u00e9 du service.<\/p>\n<div class=\"check_two clear babsi\"><center class=\"cf\"><a rel=\"nofollow noopener\" href=\"https:\/\/thn.news\/tcepdHrZ\" target=\"_blank\" title=\"Cybersecurity\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"La cyber-s\u00e9curit\u00e9\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2024\/02\/Avertissement-de-nouveaux-logiciels-malveillants-apparaissent-lors-dattaques-exploitant-les.png\" width=\"727\" height=\"90\"\/><\/a><\/center><\/div>\n<p>Suite \u00e0 une divulgation responsable, Microsoft a d\u00e9ploy\u00e9 des correctifs dans le cadre de <a rel=\"nofollow noopener\" href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/hdinsight\/hdinsight-release-notes\" target=\"_blank\">mises \u00e0 jour<\/a> sorti le 26 octobre 2023.<\/p>\n<p>Le d\u00e9veloppement arrive pr\u00e8s de cinq mois apr\u00e8s qu&#8217;Orca a d\u00e9taill\u00e9 une s\u00e9rie de huit failles dans le service d&#8217;analyse open source qui pourraient \u00eatre exploit\u00e9es pour l&#8217;acc\u00e8s aux donn\u00e9es, le d\u00e9tournement de session et la fourniture de charges utiles malveillantes.<\/p>\n<p>En d\u00e9cembre 2023, Orca \u00e9galement <a rel=\"nofollow noopener\" href=\"https:\/\/orca.security\/resources\/blog\/unauthenticated-access-to-google-cloud-dataproc\/\" target=\"_blank\">Soulign\u00e9<\/a> un \u00ab risque d&#8217;abus potentiel \u00bb affectant les clusters Google Cloud Dataproc qui profitent du manque de contr\u00f4les de s\u00e9curit\u00e9 dans les interfaces Web d&#8217;Apache Hadoop et des param\u00e8tres par d\u00e9faut lors de la cr\u00e9ation de ressources pour acc\u00e9der \u00e0 toutes les donn\u00e9es sur le syst\u00e8me de fichiers distribu\u00e9s Apache Hadoop (HDFS) sans aucune authentification.<\/p>\n<p><\/p>\n<div class=\"cf note-b\">Vous avez trouv\u00e9 cet article int\u00e9ressant ?  Suivez-nous sur <a rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/thehackersnews\" target=\"_blank\">Twitter <i class=\"icon-font icon-twitter\">\uf099<\/i><\/a>  et <a rel=\"nofollow noopener\" href=\"https:\/\/www.linkedin.com\/company\/thehackernews\/\" target=\"_blank\">LinkedIn<\/a> pour lire plus de contenu exclusif que nous publions.<\/div>\n<\/div>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\n<br \/><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2024\/02\/high-severity-flaws-found-in-azure.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\ue80206 f\u00e9vrier 2024\ue804R\u00e9dactionVuln\u00e9rabilit\u00e9\/S\u00e9curit\u00e9 du Cloud Trois nouvelles vuln\u00e9rabilit\u00e9s de s\u00e9curit\u00e9 ont \u00e9t\u00e9 d\u00e9couvertes dans Apache d&#8217;Azure HDInsight Hadoop, Kafkaet \u00c9tincelle services qui pourraient \u00eatre exploit\u00e9s pour obtenir une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service d&#8217;expression r\u00e9guli\u00e8re (ReDoS) condition. &#8220;Les nouvelles vuln\u00e9rabilit\u00e9s affectent tout utilisateur authentifi\u00e9 des services Azure HDInsight tels qu&#8217;Apache Ambari et [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1136357,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[200292,21082,4168,4165,4161,200267,133,38951,692,4806,224087,204081,171974,4159,4171,65,200271,200268,120,200269,200270,128318,4172,4169,3831,79226,4166,4164],"class_list":["post-1136356","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-actualites-sur-la-cybersecurite","tag-azure","tag-comment-pirater","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-cyberactualites","tag-des","tag-detaillent","tag-experts","tag-failles","tag-hadoop","tag-hdinsight","tag-kafka","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-les","tag-logiciel-malveillant-rancongiciel","tag-mises-a-jour-sur-la-cybersecurite","tag-nouvelles","tag-nouvelles-des-pirates","tag-nouvelles-sur-le-piratage","tag-securite-des-informations","tag-securite-informatique","tag-securite-internet","tag-services","tag-spark","tag-violation-de-donnees","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1136356","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=1136356"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1136356\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/1136357"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=1136356"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=1136356"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=1136356"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}