openEuler update for hadoop
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2021-33036 |
| CWE-ID | CWE-264 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
openEuler Operating systems & Components / Operating system hadoop-mapreduce Operating systems & Components / Operating system package or component hadoop-tests Operating systems & Components / Operating system package or component hadoop-client Operating systems & Components / Operating system package or component hadoop-httpfs Operating systems & Components / Operating system package or component hadoop-maven-plugin Operating systems & Components / Operating system package or component hadoop-hdfs Operating systems & Components / Operating system package or component hadoop-mapreduce-examples Operating systems & Components / Operating system package or component hadoop-yarn Operating systems & Components / Operating system package or component hadoop-common Operating systems & Components / Operating system package or component libhdfs Operating systems & Components / Operating system package or component hadoop-debugsource Operating systems & Components / Operating system package or component hadoop-yarn-security Operating systems & Components / Operating system package or component hadoop-debuginfo Operating systems & Components / Operating system package or component hadoop-common-native Operating systems & Components / Operating system package or component hadoop-devel Operating systems & Components / Operating system package or component hadoop Operating systems & Components / Operating system package or component |
| Vendor | openEuler |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU64513
Risk: Medium
CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-33036
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists due to improper permission assignment, which leads to security restrictions bypass and privilege escalation.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1 - 22.03 LTS
hadoop-mapreduce: before 3.3.4-1
hadoop-tests: before 3.3.4-1
hadoop-client: before 3.3.4-1
hadoop-httpfs: before 3.3.4-1
hadoop-maven-plugin: before 3.3.4-1
hadoop-hdfs: before 3.3.4-1
hadoop-mapreduce-examples: before 3.3.4-1
hadoop-yarn: before 3.3.4-1
hadoop-common: before 3.3.4-1
libhdfs: before 3.3.4-1
hadoop-debugsource: before 3.3.4-1
hadoop-yarn-security: before 3.3.4-1
hadoop-debuginfo: before 3.3.4-1
hadoop-common-native: before 3.3.4-1
hadoop-devel: before 3.3.4-1
hadoop: before 3.3.4-1
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP1:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP3:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS:*:*:*:*:*:*
- cpe:2.3:a:openeuler:hadoop-mapreduce:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:hadoop-tests:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:hadoop-client:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:hadoop-httpfs:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:hadoop-maven-plugin:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:hadoop-hdfs:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:hadoop-mapreduce-examples:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:hadoop-yarn:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:hadoop-common:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:libhdfs:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:hadoop-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:hadoop-yarn-security:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:hadoop-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:hadoop-common-native:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:hadoop-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:hadoop:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-2016
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
