Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1xbWgyLWg3cjYtZ202cc4AAb0w
Client BlockTokens not checked in Apache Hadoop
DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
Permalink: https://github.com/advisories/GHSA-qmh2-h7r6-gm6qJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xbWgyLWg3cjYtZ202cc4AAb0w
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 2 years ago
Updated: over 1 year ago
Identifiers: GHSA-qmh2-h7r6-gm6q, CVE-2012-3376
References:
- https://nvd.nist.gov/vuln/detail/CVE-2012-3376
- https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html
- http://archives.neohapsis.com/archives/bugtraq/2012-07/0049.html
- https://seclists.org/fulldisclosure/2012/Jul/78
- https://github.com/advisories/GHSA-qmh2-h7r6-gm6q
Affected Packages
maven:org.apache.hadoop:hadoop-client
Dependent packages: 1,505Dependent repositories: 21,128
Downloads:
Affected Version Ranges: = 2.0.0-alpha
Fixed in: 2.0.1-alpha
All affected versions: 2.0.0-alpha
All unaffected versions: 0.23.1, 0.23.3, 0.23.4, 0.23.5, 0.23.6, 0.23.7, 0.23.8, 0.23.9, 0.23.10, 0.23.11, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.1.0, 1.1.1, 1.1.2, 1.2.0, 1.2.1, 2.2.0, 2.3.0, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.7.0, 2.7.1, 2.7.2, 2.7.3, 2.7.4, 2.7.5, 2.7.6, 2.7.7, 2.8.0, 2.8.1, 2.8.2, 2.8.3, 2.8.4, 2.8.5, 2.9.0, 2.9.1, 2.9.2, 2.10.0, 2.10.1, 2.10.2, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.3.5, 3.3.6, 3.4.0