CVE-2016-9885 gfsh exposed over go router for GemFire for PCF

Severity

Critical

Vendor

Pivotal

Description

The gfsh (Geode Shell) endpoint, used by operators and application developers to connect to their cluster, is unauthenticated and publicly accessible. Because HTTPS communications are terminated at the gorouter, communications from the gorouter to GemFire clusters is unencrypted. An attacker could run any command available on gfsh and could cause denial of service, lost confidentiality of data, escalate privileges, or eavesdrop on other communications between the gorouter and the cluster.

Affected Pivotal Products and Versions

Severity is critical unless otherwise noted.

GemFire for PCF:
- 1.6.x versions prior to 1.6.5
- 1.7.x versions prior to 1.7.1

Mitigation

Users of affected versions should apply the following mitigation:

Upgrade GemFire for PCF:
- 1.6.x versions to 1.6.5 or later
- 1.7.x versions to 1.7.1 or later
After upgrading, we recommend connection to gfsh from a jumpbox inside of your network. Refer to the GemFire documentation for more information.
Use a load balancer in front of the go router to limit the access to the gfsh endpoint such as in the reference architecture provided here.

Credit

This issue was responsibly reported by the GemFire for PCF team.

References

https://network.pivotal.io/products/p-gemfire

History

2017-01-04: Initial vulnerability report published