PT-2012-3349 · Apache · Apache Hadoop
Aaron T. Myers · Published 2012-04-12 · Updated 2022-05-17
CVE-2012-1574
CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Apache Hadoop versions 0.20.203.0 through 0.20.205.0
Apache Hadoop versions 0.23.x before 0.23.2
Apache Hadoop versions 1.0.x before 1.0.2
Cloudera CDH versions CDH3u0 through CDH3u2
Cloudera hadoop-0.20-sbin versions before 0.20.2+923.197
Description
The issue allows remote authenticated users to impersonate arbitrary cluster user accounts. This is related to the Kerberos/MapReduce security functionality in Apache Hadoop.
Recommendations
For Apache Hadoop versions 0.20.203.0 through 0.20.205.0, update to a version outside of this range to resolve the issue.
For Apache Hadoop versions 0.23.x before 0.23.2, update to version 0.23.2 or later.
For Apache Hadoop versions 1.0.x before 1.0.2, update to version 1.0.2 or later.
For Cloudera CDH versions CDH3u0 through CDH3u2, update to a version outside of this range.
For Cloudera hadoop-0.20-sbin versions before 0.20.2+923.197, update to version 0.20.2+923.197 or later.
Fix
Improper Authentication
Related Identifiers
Affected Products
Apache Hadoop
Cloudera CDH
Cloudera hadoop-0.20-sbin
Kerberos