Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 28 Nov 2016 16:04:45 -0800
From: Yongjun Zhang <yjzhangal@...che.org>
To: security@...che.org, oss-security@...ts.openwall.com, 
	bugtraq@...urityfocus.com, general@...oop.apache.org
Subject: CVE-2016-5393: Apache Hadoop Privilege escalation vulnerability

Hi,

Please see below the official announcement of a critical security
vulnerability that's discovered and subsequently fixed in Apache Hadoop
releases.

Thanks and best regards,

--Yongjun

----------

CVE-2016-5393: Apache Hadoop Privilege escalation vulnerability

Severity: Critical



Vendor:

The Apache Software Foundation



Versions Affected:

Hadoop 2.6.x, 2.7.x



Description:

A remote user who can authenticate with the HDFS NameNode can possibly run
arbitrary commands as the hdfs user.



Mitigation:

2.7.x users should upgrade to 2.7.3

2.6.x users should upgrade to 2.6.5



Impact:

A remote user who can authenticate with the HDFS NameNode can possibly run
arbitrary commands with the same privileges as HDFS service.



Credit:

This issue was discovered by Freddie Rice.

----------

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ