Main Vulnerability Database SB2018012425

SB2018012425 - Input validation error in Hadoop

Published: January 24, 2018 Updated: August 8, 2020

Security Bulletin ID SB2018012425

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2017-15718)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak the password for credential store provider used by the NodeManager to YARN Applications.

Remediation

Install update from vendor's website.

References

https://lists.apache.org/thread.html/773c93c2d8a6a52bbe97610c2b1c2ad205b970e1b8c04fb5b2fccad6@%3Cgeneral.hadoop.apache.org%3E