CVE-2023-26031

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Nov 16, 2023
Updated: Aug 1, 2024
CWE ID 426

Summary

CVE-2023-26031 is a vulnerability in the Linux container-executor binary of Apache Hadoop 3.3.1-3.3.4 that allows local users to potentially gain root privileges. This issue arises due to a modified library loading path in the container-executor, which can enable a user with reduced privileges to install a malicious library and have it executed as root. If the YARN cluster accepts work from remote authenticated users, they may be able to exploit this vulnerability to gain root access. The vulnerability was introduced in patch YARN-10495 and can be identified by checking the RUNPATH or RPATH value of the container-executor using the readelf command. A safe installation lacks the suid bit and is not owned by root. The fix for the vulnerability is to revert the change made in YARN-10495 and can be found in hadoop-3.3.5. It is important to note that this vulnerability only affects the use of YARN Secure Containers in Hadoop.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Apache Hadoop

Affected Vendors

  • Apache Software Foundation

Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future

Note: This is just a basic overview providing quick insights into CVE-2023-26031 information. Gain full access to comprehensive CVE data, third party vulnerabilities, compromised credentials and more with Recorded Future
  • Gain complete coverage of your cyber, third party, and physical attack surface
  • Proactively mitigate threats before they turn into costly attacks
  • Make fast, effective, data-driven decisions