CVE-2016-5001

Name of the Vulnerable Software and Affected Versions Apache Hadoop versions prior to 2.6.4 Apache Hadoop versions 2.7.x prior to 2.7.2

Description This issue allows a local user on an HDFS DataNode to potentially gain unauthorized read access to random files. The vulnerability exists in the short-circuit reads feature of HDFS, where a user may craft a block token by guessing certain fields, thus granting them access to files they should not be able to read.

Recommendations For Apache Hadoop versions prior to 2.6.4, update to version 2.6.4 or later. For Apache Hadoop versions 2.7.x prior to 2.7.2, update to version 2.7.2 or later.