OS command injection in Hadoop - #VU16008
Published: November 22, 2018 / Updated: June 26, 2023


Vulnerability identifier: #VU16008
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber
CVE-ID: N/A
CWE-ID: CWE-78
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Apache Foundation
Affected software:
Hadoop

Detailed vulnerability description

The vulnerability allows a remote unauthenticated attacker to execute arbitrary shell commands on the target system.

The vulnerability exists in the Hadoop YARN mechanism due to insufficient validation of user-supplied input. A remote unauthenticated attacker can inject and execute arbitrary shell commands to infect Hadoop clusters on Linux servers with unsophisticated new bots (DemonBot, Mirai bot) and compromise the vulnerable system.
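The CWE-78 pattern this entry refers to, as an added example that is not Hadoop's code and does not reproduce the YARN issue itself: a function that interpolates input into a shell command line, beside the argv-list form and the allowlist-validated form that defuse it. The `echo` command, the hostname allowlist and the tainted sample value are constructed for illustration.

```python
import re
import subprocess

# Constructed sample input: a hostname-like value carrying a shell separator,
# the kind of value CWE-78 is concerned with.
TAINTED_INPUT = "node1; echo INJECTED"

# Allowlist for a hostname-like field (assumption for this example):
# letters, digits, dot, dash and underscore only.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9._-]{1,253}$")


def run_vulnerable(value: str) -> str:
    """CWE-78 pattern: input is interpolated into a string handed to /bin/sh.
    The shell parses metacharacters in `value`, so a second command runs."""
    result = subprocess.run(f"echo {value}", shell=True,
                            capture_output=True, text=True)
    return result.stdout


def run_argv(value: str) -> str:
    """No shell: the argument list goes straight to execve, so `;` and the
    rest of the value are passed to `echo` as plain data."""
    result = subprocess.run(["echo", value], capture_output=True, text=True)
    return result.stdout


def is_accepted(value: str) -> bool:
    """Allowlist check applied before any command is built."""
    return HOSTNAME_RE.fullmatch(value) is not None


def run_hardened(value: str) -> str:
    """Hardened form: reject anything outside the allowlist, then avoid the
    shell entirely. Validation alone is not enough; argv form is the real fix."""
    if not is_accepted(value):
        raise ValueError(f"rejected input: {value!r}")
    return run_argv(value)


def injection_detected(output: str) -> bool:
    """True if the injected second command actually ran (its marker appears
    on its own output line rather than inside the echoed value)."""
    return "INJECTED" in output.splitlines()


if __name__ == "__main__":
    vuln = run_vulnerable(TAINTED_INPUT)
    print("shell=True  :", repr(vuln), "injected" if injection_detected(vuln) else "clean")
    argv = run_argv(TAINTED_INPUT)
    print("argv list   :", repr(argv), "injected" if injection_detected(argv) else "clean")
    print("allowlist   :", "accepted" if is_accepted(TAINTED_INPUT) else "rejected")
    print("hardened ok :", repr(run_hardened("node1")))
```

The argv form is the control that matters: once no shell is in the path, metacharacters have nothing to act on. The allowlist is defence in depth and also gives a clean point at which to log and alert on rejected values.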


Remediation

Install update from vendor's website.

Sources