CVE-2018-11766: Arbitrary Command Execution in Hadoop

CVSS Score: 8.8 (CVSS 3.0)

Basic Information

EPSS Score: 0.71347%
CWE: -
Published: 12/21/2018
Updated: 1/9/2023
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Package Name: org.apache.hadoop:hadoop-main
Ecosystem: maven
Vulnerable Versions: >= 2.7.4, <= 2.7.6
First Patched Version: 2.7.7

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability stems from incomplete fixes in the container command execution path, where:

1) LinuxContainerExecutor runs with root privileges.
2) The previous patch for CVE-2016-6811 was insufficient.
3) The advisory specifies a yarn->root escalation vector.

The startContainer() method is the logical location where container command execution would be initiated, making it the most likely vulnerable point based on the described attack pattern and Hadoop's architecture.

WAF Protection Rules

WAF Rule

In Apache Hadoop 2.7.4 to 2.7.6, the security fix for CVE-2016-6811 is incomplete. A user who can escalate to yarn user can possibly run arbitrary commands as root user.