Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3376

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2012-3376
Last Modified 16 Jul 2012 12:00:00
Published 12 Jul 2012 03:55:06
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-3376

Summary

DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.

Vulnerable Systems

Application

  • Apache Hadoop 2.0.0


References

BID - 54358

BUGTRAQ - 20120706 [CVE-2012-3376] Apache Hadoop HDFS information disclosure vulnerability


Last Updated: 27 May 2016 10:51:38