hadoop-user mailing list archives

From Varun Vasudev <vvasu...@apache.org>
Subject CVE-2017-7669: Apache Hadoop privilege escalation
Date Fri, 02 Jun 2017 05:40:55 GMT
CVE-2017-7669: Apache Hadoop privilege escalation

Severity: Critical

Vendor: The Apache Software Foundation

Versions affected: Hadoop 2.8.0, Hadoop 3.0.0-alpha1 and Hadoop 3.0.0-alpha2

Description:
The LinuxContainerExecutor runs docker commands as root with
insufficient input validation. When the docker feature is enabled,
authenticated users can run commands as root.

Mitigation:
Users of Apache Hadoop 2.8.0 should leave Docker functionality disabled
until Hadoop 2.8.1 is released.
Users of Apache Hadoop 3.0.0-alpha1 and Hadoop 3.0.0-alpha2 should
upgrade to Hadoop 3.0.0-alpha3 or later.

Credit:
This issue was discovered by Allen Wittenauer.


