CVE-2012-3376

Name of the Vulnerable Software and Affected Versions Apache Hadoop version 2.0.0 alpha

Description The issue concerns a problem where DataNodes in Apache Hadoop do not properly check BlockTokens of clients when Kerberos is enabled and a specific condition involving BlockPool checkout is met. This could potentially allow remote clients to read arbitrary blocks, write to blocks they only have read access to, and possibly have other unspecified impacts.

Recommendations For Apache Hadoop version 2.0.0 alpha, consider disabling Kerberos or restricting access to the DataNode until a proper fix is available. As a temporary workaround, restrict the checkout of the same BlockPool twice from a NodeName to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.