Lucene search
PRIOn knowledge basePRION:CVE-2014-3627HistoryDec 05, 2014 - 4:59 p.m.
Authentication flaw
2014-12-0516:59:00
PRIOn knowledge base
www.prio-n.com
3
The YARN NodeManager daemon in Apache Hadoop 0.23.0 through 0.23.11 and 2.x before 2.5.2, when using Kerberos authentication, allows remote cluster users to change the permissions of certain files to world-readable via a symlink attack in a public tar archive, which is not properly handled during localization, related to distributed cache.
| CPE | Name | Operator | Version |
|---|---|---|---|
| hadoop | eq | 2.0.4 alpha | |
| hadoop | eq | 0.23.9 | |
| hadoop | eq | 0.23.3 | |
| hadoop | eq | 2.0.3 alpha | |
| hadoop | eq | 2.0.6 alpha | |
| hadoop | eq | 2.1.0 beta | |
| hadoop | eq | 2.5.1 | |
| hadoop | eq | 2.0.5 alpha | |
| hadoop | eq | 2.2.0 | |
| hadoop | eq | 0.23.6 |
Related
veracode
veracode
File Permission Manipulation Via Symlink Attack
2018-03-22 02:07:23
cve
cve
CVE-2014-3627
2014-12-05 16:59:04
nvd
nvd
CVE-2014-3627
2014-12-05 16:59:04
cvelist
cvelist
CVE-2014-3627
2014-12-05 16:00:00
osv
osv
Improper Link Resolution Before File Access in Apache Hadoop
2022-05-17 04:20:31
github
github
Improper Link Resolution Before File Access in Apache Hadoop
2022-05-17 04:20:31
