From: Varun Vasudev
Date: Fri, 02 Jun 2017 11:10:55 +0530
Subject: CVE-2017-7669: Apache Hadoop privilege escalation
Message-ID: <4A2FDA56-491B-4C2A-915F-C9D4A4BDB92A@apache.org>
Delivered-To: mailing list user@hadoop.apache.org

CVE-2017-7669: Apache Hadoop privilege escalation

Severity: Critical

Vendor: The Apache Software Foundation

Versions affected: Hadoop 2.8.0, Hadoop 3.0.0-alpha1 and Hadoop 3.0.0-alpha2

Description:
The LinuxContainerExecutor runs docker commands as root with insufficient input validation. When the docker feature is enabled, authenticated users can run commands as root.

Mitigation:
Users of Apache Hadoop 2.8.0 should leave Docker functionality disabled until Hadoop 2.8.1 is released. Users of Apache Hadoop 3.0.0-alpha1 and Hadoop 3.0.0-alpha2 should upgrade to Hadoop 3.0.0-alpha3 or later.

Credit:
This issue was discovered by Allen Wittenauer.