Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Serious Flaws Found in Aerospike Database Server

Researchers at Cisco Talos have identified several potentially serious vulnerabilities in Aerospike Database Server, including remote code execution and information disclosure issues. The flaws were reported to Aerospike and addressed. 

Researchers at Cisco Talos have identified several potentially serious vulnerabilities in Aerospike Database Server, including remote code execution and information disclosure issues. The flaws were reported to Aerospike and addressed. 

Aerospike Database Server is an open source NoSQL database solution designed for applications that require high performance. The product is used by several major brands, including Kayak, AppNexus, Adform, adMarketplace and BlueKai.

Cisco’s Talos security intelligence and research group discovered that Aerospace Database Server 3.10.0.3 – and possibly earlier versions – is affected by three vulnerabilities rated critical and high severity.

One of the flaws, tracked as CVE-2016-9054, is a stack-based buffer overflow in the product’s querying functionality, specifically the “as_sindex__simatch_list_set_binid” function. An attacker who can connect to the listening port can remotely execute arbitrary code via a specially crafted packet that triggers the vulnerability.

The second arbitrary code execution flaw, identified as CVE-2016-9052, is very similar, but it affects a different function, namely “as_sindex__simatch_by_iname.”

The third security hole discovered by Cisco Talos researchers in the Aerospace Database Server, tracked as CVE-2016-9050, is an out-of-bounds read issue that exists in the client message-parsing functionality. By sending a specially crafted packet to the listening port, an attacker can trigger the flaw, which can result in memory disclosure or a denial-of-service (DoS) condition.

Aerospike developers were informed about the vulnerabilities on December 23. Release notes show that the code execution weaknesses were addressed on January 5 in version 3.11.0.

Talos has published advisories containing technical details and proof-of-concept (PoC) code for each of the vulnerabilities.

Cisco recently decided to extend the disclosure timeline for vulnerabilities found by Talos researchers from 60 days to 90 days after data collected by the company showed that the average time-to-patch had been 78 days.

Related Reading: Code Execution Flaws Patched in HDF5 Library

Related Reading: OpenJPEG Flaw Allows Code Execution via Malicious Image Files

Related Reading: Hackers Can Exploit LibreOffice Flaw With RTF Files

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Vulnerabilities

Several vulnerabilities have been patched in OpenText’s enterprise content management (ECM) product.