Privilege Escalation Vulnerability in Apache Hadoop by The Apache Software Foundation
CVE-2017-7669

7.5HIGH

Key Information:

Vendor: Apache
Status: Apache Hadoop
Vendor: CVE Published:; 5 June 2017

What is CVE-2017-7669?

In specific versions of Apache Hadoop, particularly 2.8.0 and alpha releases of 3.0.0, the LinuxContainerExecutor is designed to run Docker commands with root privileges. However, the implementation suffers from a lack of adequate input validation, allowing authenticated users to execute arbitrary commands as the root user when the Docker feature is enabled. This vulnerability highlights significant security concerns for installations running these versions, as it may lead to unauthorized access and control over system resources.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Apache Hadoop 2.8.0

Apache Hadoop 3.0.0-alpha1 and 3.0.0-alpha2

References

http://www.securityfocus.com/bid/98795

vdb-entryx_refsource_BID

https://mail-archives.apache.org/mod_mbox/hadoop-user/201...

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 5, 2017
Vulnerability Reserved
Apr 11, 2017

JSON

Apache

What is CVE-2017-7669?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.