{"id":442020,"date":"2022-11-01T15:05:24","date_gmt":"2022-11-01T17:05:24","guid":{"rendered":"https:\/\/teknomers.com\/fr\/des-chercheurs-divulguent-les-details-de-la-faille-rce-critique-cosmiss-affectant-azure-cosmos-db\/"},"modified":"2022-11-01T15:05:25","modified_gmt":"2022-11-01T17:05:25","slug":"des-chercheurs-divulguent-les-details-de-la-faille-rce-critique-cosmiss-affectant-azure-cosmos-db","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/des-chercheurs-divulguent-les-details-de-la-faille-rce-critique-cosmiss-affectant-azure-cosmos-db\/","title":{"rendered":"Des chercheurs divulguent les d\u00e9tails de la faille RCE critique \u00ab\u00a0CosMiss\u00a0\u00bb affectant Azure Cosmos DB"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both\"><\/div>\n<p>Microsoft a d\u00e9clar\u00e9 mardi avoir r\u00e9solu une vuln\u00e9rabilit\u00e9 de contournement d&#8217;authentification dans <a rel=\"nofollow noopener\" href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/cosmos-db\/notebooks-overview\" target=\"_blank\">Cahiers Jupyter<\/a> pour Azure Cosmos DB qui a permis un acc\u00e8s complet en lecture et en \u00e9criture.<\/p>\n<p>Le g\u00e9ant de la technologie a d\u00e9clar\u00e9 que le probl\u00e8me avait \u00e9t\u00e9 introduit le 12 ao\u00fbt 2022 et corrig\u00e9 dans le monde entier le 6 octobre 2022, deux jours apr\u00e8s la divulgation responsable d&#8217;Orca Security, qui a surnomm\u00e9 la faille. <a rel=\"nofollow noopener\" href=\"https:\/\/orca.security\/resources\/blog\/cosmiss-vulnerability-azure-cosmos-db\/\" target=\"_blank\"><strong>CosMiss<\/strong><\/a>.<\/p>\n<p>&#8220;En bref, si un attaquant avait connaissance du&#8221; forwardingId &#8220;d&#8217;un Notebook, qui est l&#8217;UUID de l&#8217;espace de travail Notebook, il aurait eu toutes les autorisations sur le Notebook sans avoir \u00e0 s&#8217;authentifier, y compris l&#8217;acc\u00e8s en lecture et en \u00e9criture, et la possibilit\u00e9 de modifier le syst\u00e8me de fichiers du conteneur ex\u00e9cutant l&#8217;ordinateur portable \u00bb, ont d\u00e9clar\u00e9 les chercheurs Lidor Ben Shitrit et Roee Sagi.<\/p>\n<div class=\"separator\" style=\"clear: both\"><img decoding=\"async\" alt=\"\" border=\"0\" data-original-height=\"376\" data-original-width=\"728\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2022\/11\/1667322324_812_Des-chercheurs-divulguent-les-details-de-la-faille-RCE-critique.jpg\" \/><\/div>\n<p>Cette modification du conteneur pourrait finalement ouvrir la voie \u00e0 l&#8217;ex\u00e9cution de code \u00e0 distance dans le conteneur Notebook en \u00e9crasant un fichier Python associ\u00e9 au <a rel=\"nofollow noopener\" href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/cosmos-db\/data-explorer\" target=\"_blank\">Explorateur Cosmos DB<\/a> pour faire appara\u00eetre un shell invers\u00e9.<\/p>\n<div class=\"ad_two clear\"><a rel=\"nofollow noopener\" href=\"https:\/\/go.thn.li\/crowd-mid-d\" target=\"_blank\" title=\"CyberSecurity\"><img decoding=\"async\" alt=\"La cyber-s\u00e9curit\u00e9\" class=\"lazyload\" loading=\"lazy\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2022\/11\/Des-chercheurs-divulguent-les-details-de-la-faille-RCE-critique.png\" width=\"728\" height=\"90\" \/><\/a><\/div>\n<p>L&#8217;exploitation r\u00e9ussie de la faille n\u00e9cessite cependant que l&#8217;adversaire soit en possession de l&#8217;unique forwardingId de 128 bits et qu&#8217;il soit utilis\u00e9 dans une fen\u00eatre d&#8217;une heure, apr\u00e8s quoi le Notebook temporaire est automatiquement supprim\u00e9.<\/p>\n<p>&#8220;La vuln\u00e9rabilit\u00e9, m\u00eame avec la connaissance de l&#8217;ID de transfert, ne permettait pas d&#8217;ex\u00e9cuter des blocs-notes, d&#8217;enregistrer automatiquement des blocs-notes dans le r\u00e9f\u00e9rentiel GitHub connect\u00e9 (facultatif) de la victime ou d&#8217;acc\u00e9der aux donn\u00e9es du compte Azure Cosmos DB&#8221;, Redmond <a rel=\"nofollow noopener\" href=\"https:\/\/msrc-blog.microsoft.com\/2022\/11\/01\/microsoft-mitigates-vulnerability-in-jupyter-notebooks-for-azure-cosmos-db\/\" target=\"_blank\">a dit<\/a>.<\/p>\n<p>Microsoft a not\u00e9 dans son propre avis qu&#8217;il n&#8217;avait identifi\u00e9 aucune preuve d&#8217;activit\u00e9 malveillante, ajoutant qu&#8217;aucune action n&#8217;est requise de la part des clients.  Il a \u00e9galement d\u00e9crit le probl\u00e8me comme &#8220;difficile \u00e0 exploiter&#8221; en raison du caract\u00e8re al\u00e9atoire du forwadingID 128 bits et de sa dur\u00e9e de vie limit\u00e9e.<\/p>\n<p>&#8220;Les clients n&#8217;utilisant pas les notebooks Jupyter (99,8\u00a0% des clients Azure Cosmos DB n&#8217;utilisent PAS les notebooks Jupyter) n&#8217;\u00e9taient pas sensibles \u00e0 cette vuln\u00e9rabilit\u00e9&#8221;, a-t-il ajout\u00e9.<\/p>\n<p><\/p>\n<\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2022\/11\/researchers-disclose-details-of.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft a d\u00e9clar\u00e9 mardi avoir r\u00e9solu une vuln\u00e9rabilit\u00e9 de contournement d&#8217;authentification dans Cahiers Jupyter pour Azure Cosmos DB qui a permis un acc\u00e8s complet en lecture et en \u00e9criture. Le g\u00e9ant de la technologie a d\u00e9clar\u00e9 que le probl\u00e8me avait \u00e9t\u00e9 introduit le 12 ao\u00fbt 2022 et corrig\u00e9 dans le monde entier le 6 octobre [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":442021,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[34911,21082,12848,4168,121201,66327,22,4158,4165,4161,133,5664,121200,9048,4157,4159,4171,4170,65,4167,4160,4163,4162,22778,4172,4169,4166,4164],"class_list":["post-442020","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-affectant","tag-azure","tag-chercheurs","tag-comment-pirater","tag-cosmiss","tag-cosmos","tag-critique","tag-cyber-actualites","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-des","tag-details","tag-divulguent","tag-faille","tag-lactualite-de-la-cybersecurite","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-la-securite-des-informations","tag-les","tag-logiciel-malveillant-de-ransomware","tag-mises-a-jour-de-la-cybersecurite","tag-nouvelles-de-piratage","tag-nouvelles-de-pirates","tag-rce","tag-securite-informatique","tag-securite-internet","tag-violation-de-donnees","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/442020","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=442020"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/442020\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/442021"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=442020"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=442020"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=442020"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}