Vulners
Lucene search
Apache Impala 2.8.0 Authentication Bypass Vulnerability
| Reporter | Title | Published | Views | Family All 6 |
|---|---|---|---|---|
 | Apache Impala Authentication Bypass Vulnerability | 11 Jul 201700:00 | – | cnvd |
 | CVE-2017-5640 | 10 Jul 201720:00 | – | cve |
 | CVE-2017-5640 | 10 Jul 201720:00 | – | cvelist |
 | EUVD-2017-14732 | 7 Oct 202500:30 | – | euvd |
 | CVE-2017-5640 | 10 Jul 201720:29 | – | nvd |
 | Design/Logic Flaw | 10 Jul 201720:29 | – | prion |
CVE-2017-5640 Apache Impala (incubating) Information Disclosure
Versions Affected:
Apache Impala (incubating) 2.7.0 to 2.8.0
Description:
It was noticed that a malicious process impersonating an Impala daemon
could cause Impala daemons to skip authentication checks when Kerberos
is enabled (but TLS is not). If the malicious server responds with
aCOMPLETEa before the SASL handshake has completed, the client will
consider the handshake as completed even though no exchange of
credentials has happened.
Mitigation:
Users of the affected versions should apply the following mitigation:
Upgrade to Apache Impala (incubating) 2.9.0
Credit:
This issue was identified by the Cloudera Security team.
References:
https://issues.apache.org/jira/browse/IMPALA-5005
# 0day.today [2018-03-31] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
11 Jul 2017 00:00Current
EPSS0.01296