Apache Hadoop is prone to a remote privilege-escalation vulnerability.
A remote attacker can exploit this issue to execute arbitrary commands with root privileges.
Apache Hadoop versions 3.0.0-alpha1 through 3.1.0, 2.9.0 through 2.9.1, and 2.2.0 through 2.8.4 are vulnerable.
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Bugtraq ID: 108518
Class: Input Validation Error
CVE: CVE-2018-8029
Remote: Yes
Local: No
Published: May 30 2019 12:00AM
Updated: May 30 2019 12:00AM
Credit: Akira Ajisaka
Vulnerable:
- Apache Hadoop 3.0.1
- Apache Hadoop 2.9.1
- Apache Hadoop 2.9
- Apache Hadoop 2.8.4
- Apache Hadoop 2.8.3
- Apache Hadoop 2.8.2
- Apache Hadoop 2.8
- Apache Hadoop 2.7.7
- Apache Hadoop 2.7.6
- Apache Hadoop 2.7.5
- Apache Hadoop 2.7.4
- Apache Hadoop 2.7.2
- Apache Hadoop 2.7.1
- Apache Hadoop 2.7
- Apache Hadoop 2.6.4
- Apache Hadoop 2.6.3
- Apache Hadoop 2.6
- Apache Hadoop 3.0.0-beta1
- Apache Hadoop 3.0.0-alpha3
- Apache Hadoop 3.0.0-alpha2
- Apache Hadoop 3.0.0-alpha1
- Apache Hadoop 3.0.0-alpha
- Apache Hadoop 2.7.3
- Apache Hadoop 2.7.0-3
- Apache Hadoop 2.6.5
- Apache Hadoop 2.5.2
- Apache Hadoop 2.5.1
- Apache Hadoop 2.5.0
- Apache Hadoop 2.4.1
- Apache Hadoop 2.3.0
- Apache Hadoop 2.2.0
Not Vulnerable:
- Apache Hadoop 3.1.1
- Apache Hadoop 2.9.2
- Apache Hadoop 2.8.5
References:
- Apache Homepage (Apache)
- CVE-2018-8029: Apache Hadoop Privilege escalation vulnerability (Seclists.org)
from SecurityFocus Vulnerabilities http://bit.ly/2XlyRu3