RPC: Apache Spark auth-enabled standalone master Command Execution

This signature detects attempts to exploit a known vulnerability in Apache Spark. A successful attack can lead to command injection and arbitrary code execution.

Extended Description

In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication (spark.authenticate) via a shared secret. When enabled, however, a specially crafted RPC to the master can succeed in starting an application's resources on the Spark cluster, even without the shared key. This can be leveraged to execute shell commands on the host machine. This does not affect Spark clusters using other resource managers (YARN, Mesos, etc.).

Affected Products

Oracle business_intelligence

References

CVE: CVE-2020-9480

Short Name: RPC:APACHE-SPARK-CMD-INJ
Severity: Critical
Recommended: True
Recommended Action: Drop
Category: RPC
Keywords: Apache CVE-2020-9480 Command Execution Spark auth-enabled master standalone
Release Date: 09/17/2020
Supported Platforms

srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3

Sigpack Version: 3590
Port: TCP/7077
False Positive: Unknown
Vendors: Apache, Oracle
CVSS Score: 9.3