Varun Vasudev
2017-06-02 05:40:55 UTC
CVE-2017-7669: Apache Hadoop privilege escalation
Severity: Critical
Vendor: The Apache Software Foundation
Versions affected: Hadoop 2.8.0, Hadoop 3.0.0-alpha1 and Hadoop 3.0.0-alpha2
Description:
The LinuxContainerExecutor runs Docker commands as root with
insufficient input validation. When the Docker feature is enabled,
authenticated users can run commands as root.
Mitigation:
Users of Apache Hadoop 2.8.0 should leave Docker functionality disabled until Hadoop 2.8.1 is released.
Users of Apache Hadoop 3.0.0-alpha1 and Hadoop 3.0.0-alpha2 should upgrade to Hadoop 3.0.0-alpha3 or later.
Credit:
This issue was discovered by Allen Wittenauer.
---------------------------------------------------------------------
To unsubscribe, e-mail: general-***@hadoop.apache.org
For additional commands, e-mail: general-***@hadoop.apache.org