admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 19:17:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-11-16 09:00:34 +00:00
parent 1f7fa1a707
commit 703c5998c2
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
3 changed files with 269 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

116
2023/26xxx/CVE-2023-26031.json
View File

@ -1,18 +1,124 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-26031",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Relative library resolution in linux container-executor binary in Apache Hadoop 3.3.1-3.3.4 on Linux allows local user to gain root privileges. If the YARN cluster is accepting work from remote (authenticated) users, this MAY permit remote users to gain root privileges.\n\nHadoop 3.3.0 updated the \" YARN Secure Containers https://hadoop.apache.org/docs/stable/hadoop-yarn/hadoop-yarn-site/SecureContainer.html \" to add a feature for executing user-submitted applications in isolated linux containers.\n\nThe native binary HADOOP_HOME/bin/container-executor is used to launch these containers; it must be owned by root and have the suid bit set in order for the YARN processes to run the containers as the specific users submitting the jobs.\n\nThe patch \" YARN-10495 https://issues.apache.org/jira/browse/YARN-10495 . make the rpath of container-executor configurable\" modified the library loading path for loading .so files from \"$ORIGIN/\" to \"\"$ORIGIN/:../lib/native/\". This is the a path through which libcrypto.so is located. Thus it is is possible for a user with reduced privileges to install a malicious libcrypto library into a path to which they have write access, invoke the container-executor command, and have their modified library executed as root.\nIf the YARN cluster is accepting work from remote (authenticated) users, and these users' submitted job are executed in the physical host, rather than a container, then the CVE permits remote users to gain root privileges.\n\nThe fix for the vulnerability is to revert the change, which is done in YARN-11441 https://issues.apache.org/jira/browse/YARN-11441 , \"Revert YARN-10495\". This patch is in hadoop-3.3.5.\n\nTo determine whether a version of container-executor is vulnerable, use the readelf command. If the RUNPATH or RPATH value contains the relative path \"./lib/native/\" then it is at risk\n\n$ readelf -d container-executor|grep 'RUNPATH\\|RPATH' \n0x000000000000001d (RUNPATH) \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Library runpath: [$ORIGIN/:../lib/native/]\n\nIf it does not, then it is safe:\n\n$ readelf -d container-executor|grep 'RUNPATH\\|RPATH' \n0x000000000000001d (RUNPATH) \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Library runpath: [$ORIGIN/]\n\nFor an at-risk version of container-executor to enable privilege escalation, the owner must be root and the suid bit must be set\n\n$ ls -laF /opt/hadoop/bin/container-executor\n---Sr-s---. 1 root hadoop 802968 May 9 20:21 /opt/hadoop/bin/container-executor\n\nA safe installation lacks the suid bit; ideally is also not owned by root.\n\n$ ls -laF /opt/hadoop/bin/container-executor\n-rwxr-xr-x. 1 yarn hadoop 802968 May 9 20:21 /opt/hadoop/bin/container-executor\n\nThis configuration does not support Yarn Secure Containers, but all other hadoop services, including YARN job execution outside secure containers continue to work.\n\n"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-426 Untrusted Search Path",
"cweId": "CWE-426"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache Software Foundation",
"product": {
"product_data": [
{
"product_name": "Apache Hadoop",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.3.1",
"version_value": "3.3.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://issues.apache.org/jira/browse/YARN-11441",
"refsource": "MISC",
"name": "https://issues.apache.org/jira/browse/YARN-11441"
},
{
"url": "https://hadoop.apache.org/cve_list.html",
"refsource": "MISC",
"name": "https://hadoop.apache.org/cve_list.html"
},
{
"url": "https://lists.apache.org/thread/q9qpdlv952gb4kphpndd5phvl7fkh71r",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/q9qpdlv952gb4kphpndd5phvl7fkh71r"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"defect": [
"YARN-11441"
],
"discovery": "EXTERNAL"
},
"configuration": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The owner of the&nbsp;container-executor binary must be set to \"root\" and suid set bit such that callers would execute the binary as root. These operations are a requirement for \"YARN Secure Containers\".<br> <br>In an installation using the hadoop.tar.gz file the binary's owner is that of the installing user, and without the suid permission is not at risk. <br><br>However, Apache BIgtop installations set the owner and permissions such that installations may be vulnerable<br><br>The container-executor&nbsp;binary is only vulnerable on some Hadoop/Bigtop releases. It is possible to verify whether a version is vulnerable using the readelf command."
}
],
"value": "The owner of the\u00a0container-executor binary must be set to \"root\" and suid set bit such that callers would execute the binary as root. These operations are a requirement for \"YARN Secure Containers\".\n \nIn an installation using the hadoop.tar.gz file the binary's owner is that of the installing user, and without the suid permission is not at risk. \n\nHowever, Apache BIgtop installations set the owner and permissions such that installations may be vulnerable\n\nThe container-executor\u00a0binary is only vulnerable on some Hadoop/Bigtop releases. It is possible to verify whether a version is vulnerable using the readelf command."
}
],
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<ol><li><span style=\"background-color: var(--wht);\">Upgrade to Apache Hadoop 3.3.5</span></li><li><span style=\"background-color: var(--wht);\">If&nbsp;Yarn Secure Containers are not required, remove all execute permissions on bin/container-executor ; change its owner from root, or simply delete it.</span></li><li><span style=\"background-color: var(--wht);\">If Yarn Secure Containers are required on a vulnerable release and upgrade is not possible, replace the container-executor&nbsp;binary with that of the 3.3.5 release.</span><br></li></ol>As most Hadoop installations do not use Yarn Secure Containers, removing execute permissions from the container-executor binary a is sufficient to secure the systems; deletion ensures that no security scanners will report the issue."
}
],
"value": " * Upgrade to Apache Hadoop 3.3.5\n * If\u00a0Yarn Secure Containers are not required, remove all execute permissions on bin/container-executor ; change its owner from root, or simply delete it.\n * If Yarn Secure Containers are required on a vulnerable release and upgrade is not possible, replace the container-executor\u00a0binary with that of the 3.3.5 release.\n\nAs most Hadoop installations do not use Yarn Secure Containers, removing execute permissions from the container-executor binary a is sufficient to secure the systems; deletion ensures that no security scanners will report the issue."
}
],
"credits": [
{
"lang": "en",
"value": "Esa Hiltunen"
},
{
"lang": "en",
"value": "Mikko Kortelainen"
},
{
"lang": "en",
"value": "The Teragrep Project"
}
]
}

88
2023/32xxx/CVE-2023-32469.json
View File

@ -1,17 +1,97 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32469",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secure@dell.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\nDell Precision Tower BIOS contains an Improper Input Validation vulnerability. A locally authenticated malicious user with admin privileges could potentially exploit this vulnerability to perform arbitrary code execution.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Dell",
"product": {
"product_data": [
{
"product_name": "Dell Precision 5820 Tower, Dell Precision 7820 Tower, Dell Precision 7920 Tower",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Versions prior to 2.32.0"
},
{
"version_affected": "=",
"version_value": "Versions prior to 2.36.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000216242/dsa-2023-223-security-update-for-a-dell-precision-tower-bios-vulnerability",
"refsource": "MISC",
"name": "https://www.dell.com/support/kbdoc/en-us/000216242/dsa-2023-223-security-update-for-a-dell-precision-tower-bios-vulnerability"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "another1024"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}

78
2023/39xxx/CVE-2023-39246.json
View File

@ -1,17 +1,87 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-39246",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secure@dell.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\nDell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server version prior to 11.8.1 contain an Insecure Operation on Windows Junction Vulnerability during installation. A local malicious user could potentially exploit this vulnerability to create an arbitrary folder inside a restricted directory, leading to Privilege Escalation\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-61: UNIX Symbolic Link (Symlink) Following",
"cweId": "CWE-61"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Dell",
"product": {
"product_data": [
{
"product_name": "Dell Encryption, Dell Endpoint Security Suite Enterprise, Dell Security Management Server (Windows)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Versions prior to 11.8.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000217572/dsa-2023-271",
"refsource": "MISC",
"name": "https://www.dell.com/support/kbdoc/en-us/000217572/dsa-2023-271"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
}
]
}