PT-2012-3349 · Apache+2 · Apache Hadoop+3
Aaron T. Myers
·
Publicado
2012-04-12
·
Atualizado
2022-05-17
·
CVE-2012-1574
CVSS v2.0
6.5
Média
| Vetor | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Apache Hadoop versions 0.20.203.0 through 0.20.205.0
Apache Hadoop versions 0.23.x before 0.23.2
Apache Hadoop versions 1.0.x before 1.0.2
Cloudera CDH versions CDH3u0 through CDH3u2
Cloudera hadoop-0.20-sbin versions before 0.20.2+923.197
Description
The issue allows remote authenticated users to impersonate arbitrary cluster user accounts. This is related to the Kerberos/MapReduce security functionality in Apache Hadoop.
Recommendations
For Apache Hadoop versions 0.20.203.0 through 0.20.205.0, update to a version outside of this range to resolve the issue.
For Apache Hadoop versions 0.23.x before 0.23.2, update to version 0.23.2 or later.
For Apache Hadoop versions 1.0.x before 1.0.2, update to version 1.0.2 or later.
For Cloudera CDH versions CDH3u0 through CDH3u2, update to a version outside of this range.
For Cloudera hadoop-0.20-sbin versions before 0.20.2+923.197, update to version 0.20.2+923.197 or later.
Correção
Improper Authentication
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Apache Hadoop
Cloudera Cdh
Cloudera Hadoop-0.20-Sbin
Kerberos