CVE-2023-26031

Summary

CVE-2023-26031 is a vulnerability in the Linux container-executor binary of Apache Hadoop 3.3.1-3.3.4 that allows local users to potentially gain root privileges. This issue arises due to a modified library loading path in the container-executor, which can enable a user with reduced privileges to install a malicious library and have it executed as root. If the YARN cluster accepts work from remote authenticated users, they may be able to exploit this vulnerability to gain root access. The vulnerability was introduced in patch YARN-10495 and can be identified by checking the RUNPATH or RPATH value of the container-executor using the readelf command. A safe installation lacks the suid bit and is not owned by root. The fix for the vulnerability is to revert the change made in YARN-10495 and can be found in hadoop-3.3.5. It is important to note that this vulnerability only affects the use of YARN Secure Containers in Hadoop.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.