Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-jc69-hjw2-fm86: com.amazon.redshift:redshift-jdbc42 vulnerable to remote command execution

Impact

A potential remote command execution issue exists within redshift-jdbc42 versions 2.1.0.7 and below. When plugins are used with the driver, it instantiates plugin instances based on Java class names provided via the sslhostnameverifier, socketFactory, sslfactory, and sslpasswordcallback connection properties. In affected versions, the driver does not verify if a plugin class implements the expected interface before instantiatiaton. This can lead to loading of arbitrary Java classes, which a knowledgeable attacker with control over the JDBC URL can use to achieve remote code execution.

Patches

This issue is patched within redshift-jdbc-42 2.1.0.8 and above.

Workarounds

We advise customers using plugins to upgrade to redshift-jdbc42 version 2.1.0.8 or above. There are no known workarounds for this issue.

For more information

If you have any questions or comments about this advisory, please contact AWS Security at [email protected].

ghsa
#amazon#java#rce#aws#ssl

Impact

A potential remote command execution issue exists within redshift-jdbc42 versions 2.1.0.7 and below. When plugins are used with the driver, it instantiates plugin instances based on Java class names provided via the sslhostnameverifier, socketFactory, sslfactory, and sslpasswordcallback connection properties. In affected versions, the driver does not verify if a plugin class implements the expected interface before instantiatiaton. This can lead to loading of arbitrary Java classes, which a knowledgeable attacker with control over the JDBC URL can use to achieve remote code execution.

Patches

This issue is patched within redshift-jdbc-42 2.1.0.8 and above.

Workarounds

We advise customers using plugins to upgrade to redshift-jdbc42 version 2.1.0.8 or above. There are no known workarounds for this issue.

For more information

If you have any questions or comments about this advisory, please contact AWS Security at [email protected].

References

  • GHSA-jc69-hjw2-fm86
  • aws/amazon-redshift-jdbc-driver@9999659
  • https://nvd.nist.gov/vuln/detail/CVE-2022-41828
  • aws/amazon-redshift-jdbc-driver@40b143b

Related news

GHSA-5c6q-f783-h888: AWS Redshift JDBC Driver fails to validate class type during object instantiation

In Amazon AWS Redshift JDBC Driver (aka amazon-redshift-jdbc-driver or redshift-jdbc42) before 2.1.0.8, the Object Factory does not check the class type when instantiating an object from a class name. This issue has been fixed in version 2.1.0.8.

CVE-2022-41828: Release of 2.1.0.8 version · aws/amazon-redshift-jdbc-driver@40b143b

In Amazon AWS Redshift JDBC Driver (aka amazon-redshift-jdbc-driver or redshift-jdbc42) before 2.1.0.8, the Object Factory does not check the class type when instantiating an object from a class name.