PT-2014-5427 · Apache · Apache Hadoop

Published: 2014-12-05 · Updated: 2022-05-17 · CVE-2014-3627

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Apache Hadoop versions 0.23.0 through 0.23.11
Apache Hadoop versions 2.x before 2.5.2

Description

The issue allows remote cluster users to change the permissions of certain files to world-readable via a symlink attack in a public tar archive. This occurs when using Kerberos authentication and is related to the distributed cache, specifically due to improper handling during localization.

Recommendations

For Apache Hadoop versions 0.23.0 through 0.23.11, update to a version outside of this range to resolve the issue.
For Apache Hadoop versions 2.x before 2.5.2, update to version 2.5.2 or later to resolve the issue.

Fix

Link Following

Weakness Enumeration

Related Identifiers

CVE-2014-3627
GHSA-JPMF-8CJ2-595G

Affected Products

Apache Hadoop