
[Vulnerability notice] CVE-2017-7669: Remote privilege escalation vulnerability in Apache Hadoop

Last Updated: Apr 08, 2018

Apache Hadoop is a software framework that supports data-intensive distributed applications and is released under the Apache License 2.0. Security researchers recently found a vulnerability in Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2 that stems from inadequate input validation. It allows an attacker to run commands with root permissions, which makes it high risk.

See the following for more information about the vulnerability.


CVE identifier

CVE-2017-7669

Vulnerability name

Apache Hadoop remote privilege escalation vulnerability

Vulnerability rating

High

Vulnerability description

In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, LinuxContainerExecutor does not adequately validate its input, which allows a user to run the docker command with root permissions. When the Docker feature is enabled, an authenticated user can run the command with root permissions.

Condition and method of exploitation

Remote exploitation

Affected scope

  • Apache Hadoop 2.8.0
  • Apache Hadoop 3.0.0-alpha1
  • Apache Hadoop 3.0.0-alpha2

Vulnerability detection

Check whether any affected version of Apache Hadoop is used.
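One way to script this check is shown below as an added example (not part of the original notice or of Apache Hadoop). It classifies the release string printed by `hadoop version` against the affected versions listed in this notice and reports whether yarn-site.xml selects LinuxContainerExecutor. The `Hadoop <version>` first-line format and the `yarn.nodemanager.container-executor.class` property name are not taken from this notice, and the sample inputs are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Affected releases and the fixed release to move to, as listed in this notice.
AFFECTED = {
    "2.8.0": "2.8.1",
    "3.0.0-alpha1": "3.0.0-alpha3 or later",
    "3.0.0-alpha2": "3.0.0-alpha3 or later",
}
# Fully qualified class name of the executor named in the vulnerability description.
LCE = "org.apache.hadoop.yarn.server.nodemanager.LinuxContainerExecutor"

def parse_version(version_output):
    """Extract the release string from the `Hadoop <version>` line of `hadoop version`."""
    m = re.search(r"^Hadoop\s+(\S+)", version_output, re.MULTILINE)
    return m.group(1) if m else None

def uses_linux_container_executor(yarn_site_xml):
    """True if yarn-site.xml selects LinuxContainerExecutor for the NodeManager."""
    root = ET.fromstring(yarn_site_xml)
    for prop in root.iter("property"):
        if (prop.findtext("name") or "").strip() == "yarn.nodemanager.container-executor.class":
            return (prop.findtext("value") or "").strip() == LCE
    return False  # property absent: the default executor is in use

def assess(version_output, yarn_site_xml):
    """Combine both checks into one report; all fields are None if no version is found."""
    version = parse_version(version_output)
    if version is None:
        return {"version": None, "affected": None, "lce": None, "upgrade_to": None}
    return {
        "version": version,
        "affected": version in AFFECTED,  # exact match on the release string
        "lce": uses_linux_container_executor(yarn_site_xml),
        "upgrade_to": AFFECTED.get(version),
    }

# Constructed sample inputs (not captured from a real cluster).
SAMPLE_VERSION = "Hadoop 2.8.0\nSubversion <constructed> -r <constructed>\n"
SAMPLE_YARN_SITE = """<configuration>
  <property>
    <name>yarn.nodemanager.container-executor.class</name>
    <value>org.apache.hadoop.yarn.server.nodemanager.LinuxContainerExecutor</value>
  </property>
</configuration>"""

if __name__ == "__main__":
    print(assess(SAMPLE_VERSION, SAMPLE_YARN_SITE))
```

The version comparison is an exact string match, so a build whose version string carries a vendor suffix is reported as not affected and needs a manual review.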

How to fix or mitigate

  • Upgrade Apache Hadoop 2.8.0 to 2.8.1.

  • Upgrade Apache Hadoop 3.0.0-alpha1 and Hadoop 3.0.0-alpha2 to Hadoop 3.0.0-alpha3 or later.

Reference

[1]. https://mail-archives.apache.org/mod_mbox/hadoop-user/201706.mbox/%3C4A2FDA56-491B-4C2A-915F-C9D4A4BDB92A%40apache.org%3E
