EUVD-2018-0764

Malware in sbrugna...

Incorrect Permission Assignment for Critical Resource in Apache hive

In Apache Hive 2.1.0 to 2.3.2, when 'COPY FROM FTP' statement is run using HPL/SQL extension to Hive, a compromised/malicious FTP server can cause the file to be written to an arbitrary location on the cluster where the command is run from. This is because FTP client code in HPL/SQL does not veri...

CVE-2018-1315

In Apache Hive 2.1.0 to 2.3.2, when 'COPY FROM FTP' statement is run using HPL/SQL extension to Hive, a compromised/malicious FTP server can cause the file to be written to an arbitrary location on the cluster where the command is run from. This is because FTP client code in HPL/SQL does not veri...

CVE-2018-1315

In Apache Hive 2.1.0 to 2.3.2, when 'COPY FROM FTP' statement is run using HPL/SQL extension to Hive, a compromised/malicious FTP server can cause the file to be written to an arbitrary location on the cluster where the command is run from. This is because FTP client code in HPL/SQL does not veri...

Design/Logic Flaw

In Apache Hive 2.1.0 to 2.3.2, when 'COPY FROM FTP' statement is run using HPL/SQL extension to Hive, a compromised/malicious FTP server can cause the file to be written to an arbitrary location on the cluster where the command is run from. This is because FTP client code in HPL/SQL does not veri...

CVE-2018-1315

CVE-2018-1315 affects Apache Hive 2.1.0–2.3.2 when using the HPL/SQL extension and issuing COPY FROM FTP. The FTP client does not verify the destination path, allowing a compromised FTP server to cause the downloaded file to be written to an arbitrary location on the cluster where the command is ...

Unauthorized Write To Arbitrary Location

Hive HPL/SQL is vulnerable to unauthorized write to arbitrary location. FTP client in HPL/SQL fails to validate the download destination location for COPY FROM FTP statement, thereby allowing a malicious FTP server to run the command to download the file to any location...