Privilege escalation in Apache Hadoop Yarn container-executor binary on Linux systems
CVE-2023-26031

7.5 HIGH

Key Information:

Vendor
Apache
CVE Published:
16 November 2023

Summary

Relative library resolution in the Linux container-executor binary of Apache Hadoop YARN allows a local user to gain root privileges. container-executor is the native binary that launches YARN secure containers; it must be owned by root with the setuid bit set so that YARN can run containers as the submitting users, and any shared library it loads therefore runs as root. In the affected builds the binary's RUNPATH was changed from $ORIGIN/ to $ORIGIN/:../lib/native/ (YARN-10495). The dynamic loader resolves the second entry against the current working directory of the process, not against the location of the binary, and libcrypto.so is among the libraries located through it. A user with reduced privileges can therefore place a malicious libcrypto.so in a lib/native/ directory they can write to, invoke container-executor from a sibling directory, and have that library loaded and executed as root. If the YARN cluster accepts jobs from remote authenticated users and runs them on the physical host rather than inside a container, those remote users can gain root privileges the same way. Whether an installation is affected can be verified with readelf -d: a container-executor whose RUNPATH or RPATH contains the relative entry ../lib/native/ is vulnerable, while one whose value is only $ORIGIN/ is not; escalation additionally requires the binary to be root-owned and setuid. The issue is fixed in Apache Hadoop 3.3.5, which reverts the RUNPATH change (YARN-11441).
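The readelf and permission checks described above, as an added POSIX shell script that is not part of the Apache Hadoop project or of this advisory. It parses readelf -d output and flags any RUNPATH/RPATH entry that is neither absolute nor $ORIGIN-relative (the general condition, of which ../lib/native/ is the instance in this CVE), checks an ls -ld line for root ownership plus the setuid bit, and runs both on constructed sample lines so it works offline. The default path /opt/hadoop/bin/container-executor and the sample lines are assumptions.

```shell
#!/bin/sh
# Added check for CVE-2023-26031; not the Apache Hadoop project's own code.
# A RUNPATH/RPATH entry that is neither absolute nor $ORIGIN-relative is
# resolved by ld.so against the current working directory of the process,
# which the unprivileged caller of a setuid binary controls.

# has_relative_runpath "<output of: readelf -d <binary>>"
# Returns 0 when at least one RUNPATH/RPATH entry is cwd-relative, else 1.
has_relative_runpath() {
    # Pull the bracketed value out of each RUNPATH/RPATH line, e.g.
    # "[$ORIGIN/:../lib/native/]" -> "$ORIGIN/:../lib/native/"
    paths=$(printf '%s\n' "$1" | grep -E '\((RUNPATH|RPATH)\)' \
            | sed -n 's/.*\[\(.*\)\].*/\1/p')
    [ -n "$paths" ] || return 1        # no search path at all: not this bug
    for entry in $(printf '%s\n' "$paths" | tr ':' '\n'); do
        case "$entry" in
            /*|'$ORIGIN'*|'${ORIGIN}'*) ;;   # absolute or binary-relative: fine
            *) return 0 ;;                   # cwd-relative, e.g. ../lib/native/
        esac
    done
    return 1
}

# setuid_root_from_ls "<one line of: ls -ld <binary>>"
# Returns 0 when the file is owned by root and has the setuid bit set.
setuid_root_from_ls() {
    mode=$(printf '%s\n' "$1" | awk '{print $1}')
    owner=$(printf '%s\n' "$1" | awk '{print $3}')
    [ "$owner" = root ] || return 1
    case "$mode" in
        ???[sS]*) return 0 ;;   # 4th mode character s/S = setuid bit set
        *) return 1 ;;
    esac
}

# Live check on a host. The default path is an assumption; pass the real
# location of container-executor as $1. Returns 0 only when exploitable.
check_container_executor() {
    bin=${1:-/opt/hadoop/bin/container-executor}
    dyn=$(readelf -d "$bin" 2>/dev/null) || { echo "cannot read $bin"; return 2; }
    if ! has_relative_runpath "$dyn"; then
        echo "OK: no cwd-relative RUNPATH/RPATH in $bin"; return 1
    fi
    if setuid_root_from_ls "$(ls -ld "$bin")"; then
        echo "VULNERABLE: cwd-relative RUNPATH/RPATH and setuid root: $bin"; return 0
    fi
    echo "AT RISK: cwd-relative RUNPATH/RPATH but binary is not setuid root: $bin"; return 1
}

# Constructed sample lines (not captured from a real host) in the formats
# that readelf -d and ls -ld print, used for the offline demonstration.
VULN_RUNPATH='0x000000000000001d (RUNPATH)            Library runpath: [$ORIGIN/:../lib/native/]'
SAFE_RUNPATH='0x000000000000001d (RUNPATH)            Library runpath: [$ORIGIN/]'
SETUID_ROOT_LS='---Sr-s--- 1 root hadoop 802968 May  9 20:21 /opt/hadoop/bin/container-executor'
PLAIN_LS='-rwxr-xr-x 1 yarn hadoop 802968 May  9 20:21 /opt/hadoop/bin/container-executor'

for sample in "$VULN_RUNPATH" "$SAFE_RUNPATH"; do
    if has_relative_runpath "$sample"; then
        echo "cwd-relative entry found -> vulnerable build"
    else
        echo "only absolute/\$ORIGIN entries -> safe build"
    fi
done
if [ $# -gt 0 ]; then
    check_container_executor "$1"
fi
```

On a real node run the script with the path to container-executor as its argument; a non-zero exit from check_container_executor means the relative search path is absent or the binary is not setuid root, which is the state the advisory describes as safe.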

Affected Version(s)

Apache Hadoop 3.3.1 up to and including 3.3.4 (fixed in 3.3.5)

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published: 16 November 2023

  • Vulnerability Reserved

Credit

Esa Hiltunen
Mikko Kortelainen
The Teragrep Project