[CVE-2012-1574] Apache Hadoop user impersonation vulnerability
Users of Apache Hadoop should be aware of a security vulnerability
recently discovered, as described by the following CVE. In particular,
please note the "Users affected", "Versions affected", and
Aaron T. Myers
Software Engineer, Cloudera
CVE-2012-1574: Apache Hadoop user impersonation vulnerability
Vendor: The Apache Software Foundation
Versions affected:
Hadoop 0.20.203.0, 0.20.204.0, and 0.20.205.0
Hadoop 1.0.0 to 1.0.1
Hadoop 0.23.0 to 0.23.1.
Users affected: Users who have enabled Hadoop's Kerberos/MapReduce
Impact: Vulnerability allows an authenticated malicious user to
impersonate any other user on the cluster.
0.20.20x.x and 1.0.x users should upgrade to 1.0.2
0.23.x users should upgrade to 0.23.2 when it becomes available
This issue was discovered by Aaron T. Myers of Cloudera.
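
A version check against the ranges listed in this advisory, added here as an example; it is not part of the original message or of Apache Hadoop. The function names and status strings are hypothetical, and the check covers the version only, not the "Users affected" condition.

```python
import re

# Ranges from the advisory: (low, high, release it says to upgrade to).
# Only the first three components are compared; treating any fourth
# component of 0.20.203-0.20.205 as covered is an assumption.
AFFECTED = [
    ((0, 20, 203), (0, 20, 205), "1.0.2"),
    ((1, 0, 0), (1, 0, 1), "1.0.2"),
    ((0, 23, 0), (0, 23, 1), "0.23.2"),
]

VERSION_RE = re.compile(r"(\d+(?:\.\d+){1,3})([-_.]?[A-Za-z][\w.-]*)?")


def parse_version(text):
    """Return (numeric tuple, suffix) from a version string or the
    first line of `hadoop version` output."""
    first_line = text.strip().split("\n", 1)[0]
    m = VERSION_RE.search(first_line)
    if not m:
        raise ValueError("no version number in %r" % first_line)
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts, (m.group(2) or "")


def check(text):
    """Classify as 'affected', 'not-listed' or 'unverified-build'."""
    parts, suffix = parse_version(text)
    if suffix:
        # Distribution or snapshot builds carry their own patch sets; the
        # advisory's ranges describe Apache releases only, so do not guess.
        return {"status": "unverified-build", "upgrade_to": None}
    key = (parts + (0, 0))[:3]  # pad short versions such as "1.0"
    for low, high, fix in AFFECTED:
        if low <= key <= high:
            return {"status": "affected", "upgrade_to": fix}
    return {"status": "not-listed", "upgrade_to": None}


if __name__ == "__main__":
    # Constructed sample inputs, not output captured from a real cluster.
    for sample in ("Hadoop 1.0.1", "0.20.204.0", "0.23.2",
                   "Hadoop 0.20.2-cdh3u3"):
        print(sample, "->", check(sample))
```

A result of "unverified-build" means the version string carries a distribution or snapshot suffix, so the fix status has to be confirmed with whoever produced that build.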