CVE-2014-3627: Improper Link Resolution Before File Access in Apache Hadoop
CVSS Score: 5
Basic Information
CVE ID
GHSA ID
EPSS Score: 0.82804%
CWE
Published: 5/17/2022
Updated: 1/27/2023
KEV Status: No
Technology: Java
Technical Details
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
org.apache.hadoop:hadoop-client | maven | >= 0.23.0, < 1.0.1 | 1.0.1 |
org.apache.hadoop:hadoop-client | maven | >= 2.0.0, < 2.5.2 | 2.5.2 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from two key phases: 1) improper extraction of tar archives that allows symlink entries to be created, and 2) permission modification operations that follow those symlinks. The FileUtil.unTar function is directly responsible for the first phase: it processes archive entries without validating symlinks. LocalizedResource.fixPermissions handles the second phase by applying permissions without a NOFOLLOW check, so the mode change lands on the symlink's target rather than the link itself. Both functions would appear in stack traces during exploitation: unTar while processing the malicious archive, and fixPermissions while modifying the permissions of the symlink targets.
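The two defensive checks that the analysis above says were missing, shown as an added example in Python (chosen because its standard library can read and write tar archives, so the block runs stand-alone); this is not Hadoop's code and the function names safe_untar, fix_permissions and build_sample_archive are my own. The first function refuses symlink and hard-link entries (and entries that would land outside the destination) while untarring; the second applies permissions only after an lstat check, which is the effect a NOFOLLOW flag gives, so a symlink's target is never modified. build_sample_archive constructs a small in-memory fixture with one benign file, one symlink entry and one traversal entry to exercise both checks.

```python
"""Hardened tar extraction and permission fix-up (added example, not Hadoop code)."""
import io
import os
import stat
import tarfile
import tempfile


def safe_untar(archive_bytes: bytes, dest: str) -> list:
    """Extract only regular files and directories from a tar archive into dest.

    Returns the names of the entries that were rejected.
    """
    dest = os.path.realpath(dest)
    rejected = []
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tf:
        for member in tf.getmembers():
            # Phase 1 defence: never materialise symlinks or hard links from an untrusted archive.
            if member.issym() or member.islnk():
                rejected.append(member.name)
                continue
            # Also reject entries whose resolved path would escape dest ("..", absolute names).
            target = os.path.realpath(os.path.join(dest, member.name))
            if os.path.commonpath([dest, target]) != dest:
                rejected.append(member.name)
                continue
            if member.isdir():
                os.makedirs(target, exist_ok=True)
            elif member.isfile():
                os.makedirs(os.path.dirname(target), exist_ok=True)
                with tf.extractfile(member) as src, open(target, "wb") as dst:
                    dst.write(src.read())
            else:
                # Devices, FIFOs and other special entries are not needed in a localized resource.
                rejected.append(member.name)
    return rejected


def fix_permissions(root: str, mode: int = 0o700) -> int:
    """Apply mode to every file and directory under root without following symlinks.

    Returns the number of entries whose mode was changed.
    """
    changed = 0
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            # Phase 2 defence: lstat inspects the link itself, so a symlink is skipped
            # instead of chmod'ing whatever it points to (the NOFOLLOW behaviour).
            if stat.S_ISLNK(os.lstat(path).st_mode):
                continue
            os.chmod(path, mode)
            changed += 1
    return changed


def build_sample_archive() -> bytes:
    """Constructed fixture: one benign file, one symlink entry, one path-traversal entry."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        data = b"hello\n"
        info = tarfile.TarInfo("resource/app.jar")
        info.size = len(data)
        tf.addfile(info, io.BytesIO(data))
        link = tarfile.TarInfo("resource/escape")
        link.type = tarfile.SYMTYPE
        link.linkname = "../../outside"          # points outside the extraction root
        tf.addfile(link)
        traversal = tarfile.TarInfo("../evil.txt")  # ".." component escapes dest
        traversal.size = 0
        tf.addfile(traversal, io.BytesIO(b""))
    return buf.getvalue()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        print("rejected entries:", safe_untar(build_sample_archive(), d))
        print("entries chmod'ed:", fix_permissions(d))
```

The split into two functions mirrors the two phases in the analysis: even if an archive were extracted by other means, fix_permissions on its own will not follow a link, and even if permissions were never touched, safe_untar on its own never creates one.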