CVE-2012-1574

Published Apr 12, 2012

Last updated 8 years ago

CVSS info 6.5

Overview

Description: The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.5
Impact score: 6.4
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-310

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apache:hadoop:0.20.203.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "370F1E87-2870-49DA-9501-39327A0D9550"
          },
          {
            "criteria": "cpe:2.3:a:apache:hadoop:0.20.204.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D7386E8A-6F60-4A24-97CE-D6A58A6E9C5A"
          },
          {
            "criteria": "cpe:2.3:a:apache:hadoop:0.20.205.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A57AD46-043A-410A-9A2A-53982641CC54"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apache:hadoop:0.23.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "029481B4-F0BC-4C44-B5DB-4AE66AE92334"
          },
          {
            "criteria": "cpe:2.3:a:apache:hadoop:0.23.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "501DBE03-139A-46E9-BFD5-B7D8245AD2C7"
          },
          {
            "criteria": "cpe:2.3:a:apache:hadoop:1.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CCC82E5C-775B-4BB0-AE38-6CF546CD6A4F"
          },
          {
            "criteria": "cpe:2.3:a:apache:hadoop:1.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BA4A72DC-B207-4013-ADED-BDEEE3940486"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cloudera:cloudera_cdh:cdh3:0:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DD622153-2A32-4721-B942-3102BA0002C1"
          },
          {
            "criteria": "cpe:2.3:a:cloudera:cloudera_cdh:cdh3:1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0650B19A-5285-4799-877D-BCA5889158B4"
          },
          {
            "criteria": "cpe:2.3:a:cloudera:cloudera_cdh:cdh3:2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6D4259A1-CAF6-456B-A366-F8D223263097"
          },
          {
            "criteria": "cpe:2.3:a:cloudera:hadoop:0.20-sbin:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3B15492C-3EAC-481B-BAAE-258F2B5C76AE"
          },
          {
            "criteria": "cpe:2.3:a:cloudera:hadoop:0.20.1\\+169:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F414B5A4-050E-46A0-BBAF-7716EE5DE5C5"
          },
          {
            "criteria": "cpe:2.3:a:cloudera:hadoop:0.20.2\\+923:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5A2829B7-70D8-4A65-B8A1-BC6DFA21F20A"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References