PT-2019-6765 · Apache · Hadoop

Simon

·

Publicado

2019-10-28

·

Atualizado

2022-04-23

·

CVE-2012-2945

CVSS v3.1

7.5

Alta

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions Hadoop version 1.0.3
Description The issue arises from Hadoop storing pid files in the shared /tmp directory by default, leading to a symlink vulnerability.
Recommendations For Hadoop version 1.0.3, consider changing the default directory for storing pid files to a more secure location to mitigate the risk of exploitation. As a temporary workaround, restrict access to the /tmp directory to minimize the risk of symlink attacks.

Exploit

Correção

Link Following

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-59CWE-377

Identificadores relacionados

CVE-2012-2945
GHSA-V5C9-98F7-2H54

Produtos afetados

Hadoop