PT-2014-5427 · Apache · Apache Hadoop

Published: 2014-12-05 · Updated: 2022-05-17 · CVE-2014-3627

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Apache Hadoop versions 0.23.0 through 0.23.11
Apache Hadoop versions 2.x before 2.5.2

Description

The issue allows remote cluster users to change the permissions of certain files to world-readable via a symlink attack in a public tar archive. This occurs when using Kerberos authentication and is related to the distributed cache, specifically due to improper handling during localization.

Recommendations

For Apache Hadoop versions 0.23.0 through 0.23.11, update to a version outside of this range to resolve the issue.
For Apache Hadoop versions 2.x before 2.5.2, update to version 2.5.2 or later to resolve the issue.

Fix

Link Following

Weakness Enumeration

Related Identifiers

CVE-2014-3627
GHSA-JPMF-8CJ2-595G

Affected Products

Apache Hadoop