
CVE-2017-9799: Apache Storm: it is possible for the owner of a topology to trick the supervisor into launching a worker as a different, non-root, user

CVSS Score (v3.0): 8.8

Basic Information

EPSS Score: 0.74476%
CWE: -
Published: 10/17/2018
Updated: 1/9/2023
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Package Name                   Ecosystem   Vulnerable Versions   First Patched Version
org.apache.storm:storm-core    maven       = 1.1.0               1.1.1
org.apache.storm:storm-core    maven       >= 1.0.0, < 1.0.4     1.0.4

Vulnerability Intelligence
Root Cause Analysis (Miggo AI)

The vulnerability stems from improper stream handling in Nimbus' downloadChunk function. The patch makes three changes:

  1. Changes the stream type from BufferFileInputStream to BufferInputStream
  2. Adds an explicit close of the stream
  3. Improves the error message

These changes indicate that the original implementation allowed:

  • Potential stream reuse or leakage through an unclosed BufferFileInputStream
  • Incomplete error context for identifying the stream involved

Because downloadChunk is part of the topology file distribution logic, improper stream management could let an attacker interfere with worker process initialization. Since the function processes topology artifacts, it is the entry point for user-controlled data that could be manipulated to trigger the user context switch.


WAF Protection Rules

WAF Rule

It was found that under some situations and configurations of Apache Storm 1.x before 1.1.1 and 1.0.x before 1.0.4, it is theoretically possible for the owner of a topology to trick the supervisor to launch a worker as a different, non-root, user. In
