#VU13871 Privilege escalation in Apache Spark - CVE-2018-1334

Cybersecurity Help s.r.o.

Published: 2018-07-14

Vulnerability identifier: #VU13871

Vulnerability risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-1334

CWE-ID: CWE-264

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Apache Spark
Server applications / Frameworks for developing and running applications

Vendor: Apache Foundation

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists in the PySpark and SparkR packages used in Apache Spark due to unspecified condition. A local attacker can connect to the affected software as a local user, gain elevated privileges and conduct further attacks.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Apache Spark: 1.0.0 - 1.0.2, 1.1.0 - 1.1.1, 1.2.0 - 1.2.1, 1.3.0 - 1.3.1, 1.4.0 - 1.4.1, 1.5.0 - 1.5.2, 1.6.0 - 1.6.3, 2.0.0 - 2.0.2, 2.1.0 - 2.1.3, 2.2.0 - 2.2.2, 2.3.0 - 2.3.1

External links
https://spark.apache.org/security.html#CVE-2018-1334

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Apache Spark