PT-2022-7154 · Apache · Apache Hadoop

Esa Hiltunen +1 · Published 2022-07-13 · Updated 2024-08-01 · CVE-2023-26031

CVSS v4.0: 7.7 (High)
Vector: AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Apache Hadoop versions 3.3.1 through 3.3.4

Description: The issue is an untrusted search path in the Apache Hadoop platform that can allow a remote attacker to execute commands with root privileges. The vulnerability stems from a change in the library loading path of the container-executor binary: a low-privileged user can place a malicious library where that path resolves and have it loaded and executed as root. If the YARN cluster accepts work from remote authenticated users, this may permit remote users to gain root privileges.

Recommendations: For Apache Hadoop versions 3.3.1 through 3.3.4, update to version 3.3.5 or later, which includes the patch reverting the change that introduced the vulnerability. To determine whether a copy of container-executor is vulnerable, use the readelf command to inspect its RUNPATH or RPATH value; if the value contains the relative path "./lib/native/", that copy is at risk. To mitigate the issue, ensure that the container-executor binary is not owned by root and does not have the suid bit set.
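The following POSIX shell script is an added example, not part of the advisory, that automates the check described above: it parses readelf -d output for a RUNPATH/RPATH element equal to the relative "./lib/native/" path and reports whether the binary is also setuid root. It assumes readelf (binutils) and stat are installed; the binary path is supplied by the operator.

```shell
#!/bin/sh
# Added example, not part of the advisory: checks a container-executor binary
# for the relative RUNPATH/RPATH indicator given above and for the suid-root
# setup that makes it exploitable. Requires readelf (binutils) and stat.

# Returns 0 when the readelf -d text has a RUNPATH/RPATH element that is the
# relative "./lib/native/" (first element or after ':'). "$ORIGIN/../lib/native/"
# does not match because that element does not begin with "./".
runpath_is_relative() {
    printf '%s\n' "$1" \
        | grep -E '\((RUNPATH|RPATH)\)' \
        | grep -Eq '(\[|:)\./lib/native/'
}

# Returns 0 when the file is setuid and owned by uid 0 (GNU or BSD stat).
is_suid_root() {
    [ -u "$1" ] || return 1
    owner="$(stat -c %u "$1" 2>/dev/null || stat -f %u "$1")"
    [ "$owner" = "0" ]
}

# Exit status: 0 = no relative RUNPATH, 1 = at risk, 2 = could not inspect.
check_container_executor() {
    bin="$1"
    dyn="$(readelf -d "$bin" 2>/dev/null)" || { echo "cannot read $bin"; return 2; }
    if runpath_is_relative "$dyn"; then
        echo "AT RISK: $bin has a relative RUNPATH/RPATH (./lib/native/)"
        if is_suid_root "$bin"; then
            echo "  binary is setuid root; update to 3.3.5+ or remove root ownership/suid"
        else
            echo "  binary is not setuid root, which mitigates the issue"
        fi
        return 1
    fi
    echo "OK: $bin has no relative RUNPATH/RPATH"
}

# Usage: sh check.sh /path/to/container-executor (placeholder path, adjust to your install)
if [ -n "${1:-}" ]; then
    check_container_executor "$1"
fi
```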

Fix

Weakness Enumeration

Untrusted Search Path

Related Identifiers

BDU:2023-08364
CVE-2023-26031
GHSA-94JH-J374-9R3J

Affected Products

Apache Hadoop