Discussion:
CVE-2016-5393: Apache Hadoop Privilege escalation vulnerability
Andrew Musselman
2016-11-29 00:28:28 UTC
---------- Forwarded message ----------
From: Roman Shaposhnik <***@shaposhnik.org>
Date: Mon, Nov 28, 2016 at 4:09 PM
Subject: Fwd: CVE-2016-5393: Apache Hadoop Privilege escalation
vulnerability
To: "***@bigtop.apache.org" <***@bigtop.apache.org>, "***@bigtop.apache.org"
<***@bigtop.apache.org>


FYI


---------- Forwarded message ----------
From: Yongjun Zhang <***@apache.org>
Date: Mon, Nov 28, 2016 at 4:04 PM
Subject: CVE-2016-5393: Apache Hadoop Privilege escalation vulnerability
To: ***@apache.org, oss-***@lists.openwall.com,
***@securityfocus.com, ***@hadoop.apache.org


Hi,

Please see below the official announcement of a critical security
vulnerability that was discovered and subsequently fixed in Apache Hadoop
releases.

Thanks and best regards,

--Yongjun

----------

CVE-2016-5393: Apache Hadoop Privilege escalation vulnerability

Severity: Critical



Vendor:

The Apache Software Foundation



Versions Affected:

Hadoop 2.6.x, 2.7.x



Description:

A remote user who can authenticate with the HDFS NameNode can possibly run
arbitrary commands as the hdfs user.



Mitigation:

2.7.x users should upgrade to 2.7.3

2.6.x users should upgrade to 2.6.5



Impact:

A remote user who can authenticate with the HDFS NameNode can possibly run
arbitrary commands with the same privileges as the HDFS service.



Credit:

This issue was discovered by Freddie Rice.

----------
