CVE-2012-3376

CVE-2012-3376 affects Hadoop 2.0.0-alpha where DataNodes do not check BlockTokens for clients when Kerberos is enabled and a DataNode has registered multiple times for the same BlockPool. This can allow remote clients to read arbitrary blocks or write to blocks they only have read access to, amon...

[CVE-2012-3376] Apache Hadoop HDFS information disclosure vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, Users of Apache Hadoop should be aware of a security vulnerability recently discovered, as described by the following CVE. In particular, please note the "Users affected", "Versions affected", and "Mitigation" sections. The project team will be...

Apache Hadoop信息泄露漏洞

BUGTRAQ ID: 54358 CVE ID: CVE-2012-3376 Hadoop是Apache软件基金会所研发的开放源码并行运算编程工具和分散式档案系统。 Apache Hadoop 2.0.0-alpha在实现上存在信息泄露漏洞，成功利用后可允许攻击者获取敏感信息。 0 Apache Group Hadoop 厂商补丁： Apache Group ------------ 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://httpd.apache.org/...