Big data perspective, CVE-2022-24706: Apache CouchDB Remote Privilege Escalation (26th April 2022)

Preface: NoSQL is used for big data and real-time web apps. Perhaps whoever can manage big data will rule the AI zone in the future.

Background: NoSQL databases are used for big data and real-time web apps. For example, companies like Twitter, Facebook and Google collect terabytes of user data every single day. NoSQL databases use many different indexing data structures, for example B-Tree, T-Tree and O2-Tree indexing.

Apache CouchDB is an open source, file-oriented NoSQL database that uses JSON as its storage format, JavaScript as its query language, and MapReduce and HTTP as its API. CouchDB accepts queries through a RESTful HTTP API, whereas MongoDB uses its own query language. CouchDB is written in Erlang.

Vulnerability details: In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. Two properties of the default installation combine to make this possible:

  1. CouchDB opens a random network port, bound to all available interfaces, in anticipation of clustered operation and/or runtime introspection. A utility process called epmd advertises that random port to the network.
    Remark: epmd itself listens on a fixed port.
  2. CouchDB packaging previously chose a default cookie value for single-node as well as clustered installations. That cookie authenticates all communication between Erlang nodes.

Workaround: The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations.

Remediation: Upgrade to version 3.2.2.

Details: CouchDB 3.2.2 and onwards will refuse to start with the former default Erlang cookie value of `monster`. Installations that upgrade to this version are forced to choose a different value.

In addition, all binary packages have been updated to bind epmd as well as the CouchDB distribution port to 127.0.0.1 and/or ::1 respectively.
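A small audit of the two conditions described above (the default cookie and a distribution port not pinned to loopback), written as an added example for this post and not taken from the CouchDB project. It parses the Erlang VM arguments a node starts with; `-setcookie` and `-kernel inet_dist_use_interface` are standard Erlang VM flags, and the two vm.args bodies below are constructed samples, not copied from any package.

```python
import re

# Constructed sample resembling a pre-3.2.2 configuration: the well-known
# default cookie and no restriction on the distribution port's interface.
VULNERABLE_VM_ARGS = """\
-name couchdb@127.0.0.1
-setcookie monster
-kernel error_logger silent
"""

# Constructed hardened sample: a unique cookie (placeholder value) and the
# Erlang distribution port pinned to loopback via inet_dist_use_interface.
HARDENED_VM_ARGS = """\
-name couchdb@127.0.0.1
-setcookie PLACEHOLDER-unique-cookie-value
-kernel inet_dist_use_interface {127,0,0,1}
-kernel error_logger silent
"""

DEFAULT_COOKIE = "monster"
# Erlang tuple notation for 127.0.0.1 and ::1 respectively.
LOOPBACK = {"{127,0,0,1}", "{0,0,0,0,0,0,0,1}"}


def audit_vm_args(text: str) -> list[str]:
    """Return findings for a vm.args body; an empty list means nothing was flagged."""
    findings = []
    cookie = None
    iface = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"-setcookie\s+(\S+)", line)
        if m:
            cookie = m.group(1)
        m = re.match(r"-kernel\s+inet_dist_use_interface\s+(\S+)", line)
        if m:
            iface = m.group(1)
    if cookie is None:
        findings.append("no -setcookie line; confirm where the node cookie comes from")
    elif cookie == DEFAULT_COOKIE:
        findings.append("default Erlang cookie 'monster' in use (CVE-2022-24706)")
    if iface is None:
        findings.append("distribution port not restricted to loopback (no inet_dist_use_interface)")
    elif iface not in LOOPBACK:
        findings.append(f"distribution port bound to non-loopback interface {iface}")
    return findings
```

The bind address of epmd itself is configured separately (Erlang reads it from the ERL_EPMD_ADDRESS environment variable), so this check does not cover it.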

Please refer to the link for details – https://www.openwall.com/lists/oss-security/2022/04/26/1
