Mikko Kortelainen

#34074 of 53,633
7.7 Total CVSS
Vulnerabilities · 1
PT-2022-7154
7.7
2022-07-13
Apache · Apache Hadoop · CVE-2023-26031
**Name of the Vulnerable Software and Affected Versions** Apache Hadoop versions 3.3.1 through 3.3.4 (the native YARN container-executor binary on Linux).

**Description** The issue is a relative library search path in the container-executor binary that YARN uses to launch secure containers. That binary has to be owned by root with the suid bit set so that YARN can run containers as the user who submitted the job. In Hadoop 3.3.1 through 3.3.4 the binary's RUNPATH was changed from `$ORIGIN/` to `$ORIGIN/:../lib/native/`. An RPATH/RUNPATH element that is relative and not anchored to `$ORIGIN` is resolved by the dynamic loader against the process's current working directory, so a local user with reduced privileges can place a malicious copy of one of the shared libraries the binary loads in a directory they control, invoke container-executor from a suitable working directory, and have that library executed as root. If the YARN cluster accepts work from remote authenticated users, this may permit remote users to gain root privileges as well.

**Recommendations** For Apache Hadoop versions 3.3.1 through 3.3.4, update to version 3.3.5 or later, which reverts the change that introduced the vulnerability. To determine whether a given container-executor binary is vulnerable, print its dynamic section with readelf and inspect the RUNPATH or RPATH value: if it contains the relative path "./lib/native/" (vulnerable builds carry `$ORIGIN/:../lib/native/`), the binary is at risk; a value of just `$ORIGIN/` is safe. Privilege escalation additionally requires that the binary is owned by root with the suid bit set, so a build whose binary is not root-owned suid cannot be exploited this way. Note, however, that YARN secure containers depend on exactly that root-owned suid configuration, so removing the suid bit is only a mitigation on clusters that do not use the feature; everywhere else the fix is to upgrade.
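To make the two checks in the recommendations above mechanical, here is an added example script; it is not part of the dbugs entry or of the Hadoop project. It interprets a RUNPATH/RPATH value the way the dynamic loader does: absolute elements and `$ORIGIN`-anchored elements are fine, anything else (such as `../lib/native/`) is resolved against the caller's working directory. It then combines that with the owner and suid check. The `check_binary` wrapper, its readelf/stat invocations and the sample values used for illustration are assumptions about a typical Linux install with GNU coreutils and binutils, not content from the page.

```shell
#!/bin/sh
# Added example (not from the dbugs page or the Hadoop project): triage a
# container-executor binary against the two conditions the advisory above
# combines for CVE-2023-26031:
#   1. a RUNPATH/RPATH element that is relative and not anchored to $ORIGIN,
#      which the dynamic loader resolves against the current working directory;
#   2. the binary being owned by root with the suid bit set.
# The RUNPATH values and file attributes used in the tests are constructed.

# Print the elements of a colon-separated RUNPATH/RPATH ($1) that the loader
# would resolve relative to the CWD, one per line. Exit 0 if any were found.
relative_runpath_entries() {
  found=1
  old_ifs=$IFS
  set -f                           # no globbing while we split on ':'
  IFS=':'
  set -- $1
  IFS=$old_ifs
  set +f
  for entry in "$@"; do
    case "$entry" in
      /*)          ;;              # absolute path: fine
      '$ORIGIN'*)  ;;              # anchored to the binary's own directory: fine
      *) echo "$entry"; found=0 ;; # e.g. ../lib/native/ (an empty element also means CWD)
    esac
  done
  return $found
}

# Map the advisory's observations to a single verdict word on stdout.
#   $1 RUNPATH/RPATH string   $2 owner user name   $3 octal mode (e.g. 6050)
#   vulnerable : CWD-relative search path AND root-owned suid -> local root possible
#   at-risk    : CWD-relative search path, but not root-owned suid (secure containers off)
#   safe       : no CWD-relative search path
assess_container_executor() {
  if ! relative_runpath_entries "$1" >/dev/null; then
    echo safe
    return 0
  fi
  # 04000 is the set-user-ID bit; a leading 0 makes the mode an octal constant.
  if [ "$2" = root ] && [ $(( 0$3 & 04000 )) -ne 0 ]; then
    echo vulnerable
  else
    echo at-risk
  fi
}

# Run the checks against a real file. readelf comes from binutils; the stat
# format flags are GNU coreutils (on BSD/macOS use: stat -f '%Su' and '%Lp').
check_binary() {
  bin=$1
  # Keep only the text inside [...] on the (RUNPATH)/(RPATH) line(s); join with ':'.
  rp=$(readelf -d "$bin" | awk -F'[][]' '/\((RUNPATH|RPATH)\)/ { print $2 }' | paste -sd: -)
  owner=$(stat -c %U "$bin")
  mode=$(stat -c %a "$bin")
  verdict=$(assess_container_executor "$rp" "$owner" "$mode")
  echo "$bin: RUNPATH/RPATH=[$rp] owner=$owner mode=$mode -> $verdict"
  if [ "$verdict" != safe ]; then
    echo "CWD-relative search path elements:"
    relative_runpath_entries "$rp" | sed 's/^/  /'
  fi
}

# Usage (assumed install layout): sh check_ce.sh "$HADOOP_HOME/bin/container-executor"
if [ $# -gt 0 ]; then
  check_binary "$1"
fi
```

An `at-risk` verdict means the build carries the bad search path but the binary is not root-owned suid, which also means YARN secure containers cannot be in use on that node; `vulnerable` means a local user who can reach the binary can obtain root, and the cluster should be upgraded to 3.3.5 or later rather than left in that state.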