CVE-2012-3376

Apache Hadoop 2.0.0-alpha - Unauthenticated Arbitrary Block Access via BlockToken Bypass

Title source: llm
STIX 2.1

Description

DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.

References (3)

Core 3
Core References
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2012-07/0049.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/54358

Scores

EPSS 0.0266
EPSS Percentile 84.0%

Details

CWE
CWE-310
Status published
Products (2)
apache/hadoop 2.0.0 alpha
org.apache.hadoop/hadoop-client 2.0.0-alpha - 2.0.1-alphaMaven
Published Jul 12, 2012
Tracked Since Feb 18, 2026