QID 375540

Date Published: 2021-06-29

QID 375540: Apache Hadoop Privilege Escalation Vulnerability

Apache Hadoop is an open-source software framework used for distributed storage and processing of big data sets using the MapReduce programming model.

CVE-2017-3161: The WebHDFS client might send a SPNEGO authorization header to a remote URL without proper verification. A crafty user can trigger services to send server credentials to a WebHDFS path, capturing the service principal.

Affected Versions:
Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, 2.0.0-alpha to 2.10.0

QID Detection Logic:
This QID detects vulnerable Apache Hadoop installations by issuing a Hadoop version request and matching the reported version against the affected version ranges above.

Successful exploitation could allow privilege escalation.

  • CVSS V3 rated as Critical - 8.8 severity.
  • CVSS V2 rated as High - 6.5 severity.

Solution:
Customers are advised to upgrade to Apache Hadoop 3.3.0, 3.2.2, 3.1.4, 2.10.1 or later versions to remediate these vulnerabilities.

Workaround:
Set different HTTP signature secrets and use dedicated hosts for each privileged impersonation service (such as HiveServer2).
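The following core-site.xml fragments illustrate the workaround. They are an added example, not configuration from this advisory or from the Apache Hadoop project. The property names hadoop.http.authentication.type and hadoop.http.authentication.signature.secret.file are real Hadoop HTTP authentication settings; the file paths, hostnames and the shell command in the comments are constructed for illustration.

```xml
<!-- WEAK PATTERN (what the workaround tells you to stop doing):
     every host in the cluster points at a signature secret file whose
     contents were copied from one master, so one leaked or captured
     signed cookie is honoured by every service. Path is constructed. -->
<property>
  <name>hadoop.http.authentication.type</name>
  <value>kerberos</value>
</property>
<property>
  <name>hadoop.http.authentication.signature.secret.file</name>
  <value>/etc/security/hadoop-http-auth-signature-secret</value>
</property>

<!-- HARDENED PATTERN: each privileged impersonation service runs on its
     own dedicated host, and each host has a secret file with distinct
     random contents. Generate each file locally, never copy it between
     hosts, and restrict it to the service account, e.g. (constructed):
       umask 077
       head -c 32 /dev/urandom | base64 > /etc/security/hadoop-http-auth-signature-secret.hive
       chown hive:hadoop /etc/security/hadoop-http-auth-signature-secret.hive -->

<!-- core-site.xml on the dedicated HiveServer2 host (hostname constructed) -->
<property>
  <name>hadoop.http.authentication.type</name>
  <value>kerberos</value>
</property>
<property>
  <name>hadoop.http.authentication.signature.secret.file</name>
  <value>/etc/security/hadoop-http-auth-signature-secret.hive</value>
</property>

<!-- core-site.xml on the NameNode host: a different file with different
     contents, so a cookie signed for the HiveServer2 web endpoint is not
     valid against the NameNode web endpoint, and vice versa. -->
<property>
  <name>hadoop.http.authentication.type</name>
  <value>kerberos</value>
</property>
<property>
  <name>hadoop.http.authentication.signature.secret.file</name>
  <value>/etc/security/hadoop-http-auth-signature-secret.namenode</value>
</property>
```

To confirm the workaround is actually in place, compare the secret files across hosts (for example by hashing them); any two services whose files hash identically still share a signing key and are not isolated from each other. The workaround limits blast radius only; upgrading to a fixed release remains the remediation.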

CVEs related to QID 375540:
CVE-2017-3161

Software Advisories:
Apache Hadoop: lists.apache.org/thread.html/r513758942356ccd0d14538ba18a09903fc72716d74be1cb727ea91ff%40%3Cgeneral.hadoop.apache.org%3E