Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

mapr Information Disclosure

🗓️ 31 Mar 2017 00:00:00Reported by Mark FelderType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 26 Views

Mapr web frontend component creates an information disclosure vulnerability during setup, allowing the application to read the /etc/shadow file

Code
`Hello,  
  
The mapr web frontend component creates an information disclosure  
vulnerability. During the setup of mapr the configure.sh script calls a  
function ConfigureWSRole:  
  
function ConfigureWSRole() {  
if [ $clientOnly -eq 0 -a $dontChangeSecurityPermissionsOn -eq 0 ];  
then  
ConfigureRunUserForWS  
fi  
  
This calls ConfigureRunUserForWS from configure-common.sh:  
  
function ConfigureRunUserForWS() {  
local val=`getent group shadow 2>/dev/null`  
if [ "$?" != "0" -o "$val" = "" ]; then  
# Create a group named shadow  
groupadd shadow >> $logFile 2>&1  
fi  
# Add CURR_USER to the group wheel  
if [ -f /etc/SuSE-release ]; then  
# Add CURR_USER to the group wheel for SUSE  
usermod -A shadow $MAPR_USER >> $logFile 2>&1  
STATUS=$?  
#  
# The '-A' option has been removed from SuSE 12   
#  
if [ $STATUS -ne 0 ]; then  
usermod -a -G shadow $MAPR_USER >> $logFile 2>&1  
fi  
else  
usermod -a -G $MAPR_GROUP,shadow $MAPR_USER >> $logFile 2>&1  
fi  
# Change group-owner of /etc/shadow  
chgrp shadow /etc/shadow >> $logFile 2>&1  
# Allow read permissions for user shadow  
chmod ug+r /etc/shadow >> $logFile 2>&1  
}  
  
This results in a shadow file that is now readable to the application:  
  
# ls -la /etc/shadow  
-r--r-----. 1 root shadow 657 Mar 30 16:09 /etc/shadow  
# grep shadow /etc/group  
shadow:x:1000:mapr  
  
The option to disable this codepath, -no-auto-permission-update, is not  
recommended by Mapr and comes with a warning in the script as it will  
break the webserver's ability to authenticate the local mapr user, which  
is used to administer the cluster:  
  
echo " -no-auto-permission-update - do not update the system  
security permissions automatically"  
echo " Warn: Features like WebServer  
might not work properly"  
echo " default: disabled"  
  
The website docs[1] casually describe the option, "Pass this option to  
prevent MapR from silently altering permissions in /etc/shadow."  
  
These files are part of the mapr-core-internal package:  
  
# rpm -fq /opt/mapr/server/configure.sh  
mapr-core-internal-5.2.0.39122.GA-1.x86_64  
# rpm -fq /opt/mapr/server/configure-common.sh  
mapr-core-internal-5.2.0.39122.GA-1.x86_64  
  
  
Thanks  
  
[1] http://maprdocs.mapr.com/home/ReferenceGuide/configure.sh.html  
  
--   
Mark Felder  
[email protected]  
  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
31 Mar 2017 00:00Current
7.4High risk
Vulners AI Score7.4
maprweb frontendinformation disclosurevulnerabilitysetup/etc/shadowapplicationsecurity permissionsmapr userclusterscriptshadow filepermission updatewebserverauthenticationdocumentationrpmpackage
26