Posted to dev@bigtop.apache.org by Roman Shaposhnik <ro...@shaposhnik.org> on 2016/11/29 00:09:12 UTC
Fwd: CVE-2016-5393: Apache Hadoop Privilege escalation vulnerability
FYI
---------- Forwarded message ----------
From: Yongjun Zhang <yj...@apache.org>
Date: Mon, Nov 28, 2016 at 4:04 PM
Subject: CVE-2016-5393: Apache Hadoop Privilege escalation vulnerability
To: security@apache.org, oss-security@lists.openwall.com,
bugtraq@securityfocus.com, general@hadoop.apache.org
Hi,
Please see below the official announcement of a critical security
vulnerability that was discovered and subsequently fixed in Apache Hadoop
releases.
Thanks and best regards,
--Yongjun
----------
CVE-2016-5393: Apache Hadoop Privilege escalation vulnerability
Severity: Critical
Vendor:
The Apache Software Foundation
Versions Affected:
Hadoop 2.6.x, 2.7.x
Description:
A remote user who can authenticate with the HDFS NameNode can possibly run
arbitrary commands as the hdfs user.
Mitigation:
2.7.x users should upgrade to 2.7.3
2.6.x users should upgrade to 2.6.5
Impact:
A remote user who can authenticate with the HDFS NameNode can possibly run
arbitrary commands with the same privileges as the HDFS service.
Credit:
This issue was discovered by Freddie Rice.
----------
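An added example, not part of the original advisory or the Hadoop project's code: a small triage helper that sorts an inventory of Hadoop version strings against the affected branches and fixed releases listed above. The hostnames, status labels, and the rule that suffixed vendor or snapshot builds need a separate check are assumptions made for this illustration.

```python
import re

# Fixed patch level per affected branch, from the advisory:
# 2.6.x -> upgrade to 2.6.5, 2.7.x -> upgrade to 2.7.3.
FIXED = {(2, 6): 5, (2, 7): 3}

# Accepts a bare version or the first line of `hadoop version` ("Hadoop 2.7.1").
_VERSION_RE = re.compile(r"^(?:Hadoop\s+)?(\d+)\.(\d+)\.(\d+)(\S*)$")


def classify(version_line):
    """Return a triage status for one version string."""
    m = _VERSION_RE.match(version_line.strip())
    if not m:
        return "unparsed"
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        # The advisory names only 2.6.x and 2.7.x; it says nothing about others.
        return "not-listed"
    if m.group(4):
        # Assumption: suffixed builds (vendor or snapshot) cannot be judged
        # from the upstream number alone; consult the vendor's own advisory.
        return "check-vendor"
    return "fixed" if patch >= fixed_patch else "affected"


def triage(inventory):
    """Group a host -> version-line mapping into {status: [hosts]}."""
    report = {}
    for host, line in sorted(inventory.items()):
        report.setdefault(classify(line), []).append(host)
    return report


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "nn1.example.internal": "Hadoop 2.7.1",
    "nn2.example.internal": "Hadoop 2.7.3",
    "nn3.example.internal": "2.6.0-cdh5.8.0",
    "nn4.example.internal": "Hadoop 2.6.5",
    "nn5.example.internal": "Hadoop 2.5.2",
    "nn6.example.internal": "unknown",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status:12} {', '.join(hosts)}")
```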
RE: CVE-2016-5393: Apache Hadoop Privilege escalation vulnerability
Posted by Andrew Palumbo <ap...@outlook.com>.
Thx, was wondering when that was going to come out.
Sent from my Verizon Wireless 4G LTE smartphone
-------- Original message --------
From: Andrew Musselman <an...@gmail.com>
Date: 11/28/2016 4:29 PM (GMT-08:00)
To: dev@mahout.apache.org
Subject: Fwd: CVE-2016-5393: Apache Hadoop Privilege escalation vulnerability
---------- Forwarded message ----------
From: Roman Shaposhnik <ro...@shaposhnik.org>
Date: Mon, Nov 28, 2016 at 4:09 PM
Subject: Fwd: CVE-2016-5393: Apache Hadoop Privilege escalation vulnerability
To: "dev@bigtop.apache.org" <de...@bigtop.apache.org>, "user@bigtop.apache.org"
<us...@bigtop.apache.org>
FYI
Fwd: CVE-2016-5393: Apache Hadoop Privilege escalation vulnerability
Posted by Andrew Musselman <an...@gmail.com>.
---------- Forwarded message ----------
From: Roman Shaposhnik <ro...@shaposhnik.org>
Date: Mon, Nov 28, 2016 at 4:09 PM
Subject: Fwd: CVE-2016-5393: Apache Hadoop Privilege escalation vulnerability
To: "dev@bigtop.apache.org" <de...@bigtop.apache.org>, "user@bigtop.apache.org"
<us...@bigtop.apache.org>
FYI