Security restrictions bypass vulnerabilities in Apache Hive



Published: 2018-11-09
Risk Low
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2018-1314
CVE-2018-11777
CWE-ID CWE-264
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Apache Hive
Server applications / Database software

Vendor Apache Foundation

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Security restrictions bypass

EUVDB-ID: #VU15781

Risk: Low

CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-1314

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to bypass security restrictions on the target system.

The vulnerability exists due to improper security restrictions when the EXPLAIN operation is used. A remote authenticated attacker can use the EXPLAIN operation in a query, bypass security restrictions, access or modify any file and conduct further attacks.

Mitigation

The vulnerability has been fixed in the versions 2.3.4, 3.1.1.

Vulnerable software versions

Apache Hive: 2.3.0 - 3.1.0

External links

http://github.com/pyca/pyopenssl/pull/723


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Security restrictions bypass

EUVDB-ID: #VU15782

Risk: Low

CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-11777

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to bypass security restrictions on the target system.

The vulnerability exists due to improper security restrictions on local resources on HiveServer2 servers. A remote authenticated attacker can bypass security restrictions, access or modify any file if the Ranger, Sentry or SQL Standard authorizers are not in use and conduct further attacks.

Mitigation

The vulnerability has been fixed in the versions 2.3.4, 3.1.1.

Vulnerable software versions

Apache Hive: 2.3.0 - 3.1.0

External links

http://lists.apache.org/thread.html/963c8e2516405c9b532b4add16c03b2c5db621e0c83e80f45049cbbb@%3Cdev.hive.apache.org%3E


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###