Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-1574

Overview

Vulnerability Score 6.5 6.5
CVE Id CVE-2012-1574
Last Modified 05 Dec 2012 11:17:34
Published 12 Apr 2012 06:45:14
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2012-1574

Summary

The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.

Vulnerable Systems

Application

  • Apache Hadoop 0.20.203.0

  • Apache Hadoop 0.20.204.0

  • Apache Hadoop 0.20.205.0

  • Apache Hadoop 0.23.0

  • Apache Hadoop 0.23.1

  • Apache Hadoop 1.0.0

  • Apache Hadoop 1.0.1

  • Cloudera Cdh Cdh3

  • Cloudera Hadoop 0.20-sbin

  • Cloudera Hadoop 0.20.1%2b169

  • Cloudera Hadoop 0.20.2%2b923


References

CONFIRM - https://ccp.cloudera.com/display/DOC/Cloudera+Security+Bulletin

FULLDISC - 20120405 [CVE-2012-1574] Apache Hadoop user impersonation vulnerability

BID - 52939

SECUNIA - 48776

SECUNIA - 48775


Last Updated: 27 May 2016 10:53:45