Apache Hadoop YARN ResourceManager remote command execution

Added: 07/20/2018

Background

Apache Hadoop is a framework that allows for the distributed processing of large data sets across clusters of computers. YARN (Yet Another Resource Negotiator) is the component of Apache Hadoop which manages resources.

Problem

A vulnerability in the REST API in the YARN ResourceManager component allows remote unauthenticated attackers to execute arbitrary commands.

Resolution

Enable secure mode in Apache Hadoop.
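
One way to check whether a cluster's core-site.xml has secure mode switched on, as an added example that is not part of the original advisory. The property names and defaults are the ones documented for Hadoop secure mode and HTTP authentication; the sample XML is constructed, and treating only `kerberos` as an acceptable HTTP authentication type is an assumption of this example.

```python
import xml.etree.ElementTree as ET

# Hadoop's documented defaults when a property is absent from core-site.xml.
DEFAULTS = {
    "hadoop.security.authentication": "simple",
    "hadoop.security.authorization": "false",
    "hadoop.http.authentication.type": "simple",
}

# Values this example expects on a cluster in secure mode (assumption:
# a custom HTTP authentication handler class would also be reported).
EXPECTED = {
    "hadoop.security.authentication": "kerberos",
    "hadoop.security.authorization": "true",
    "hadoop.http.authentication.type": "kerberos",
}

def load_properties(xml_text):
    """Parse a Hadoop *-site.xml document into a {name: value} dict."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props

def audit_secure_mode(xml_text):
    """Return (property, effective_value, expected_value) for each gap."""
    props = load_properties(xml_text)
    findings = []
    for name, expected in EXPECTED.items():
        effective = props.get(name, DEFAULTS[name]).lower()
        if effective != expected:
            findings.append((name, effective, expected))
    return findings

# Constructed sample inputs, not taken from a real cluster.
INSECURE_SITE = """<configuration>
  <property><name>fs.defaultFS</name><value>hdfs://nn.example:8020</value></property>
</configuration>"""

SECURE_SITE = """<configuration>
  <property><name>hadoop.security.authentication</name><value>kerberos</value></property>
  <property><name>hadoop.security.authorization</name><value>true</value></property>
  <property><name>hadoop.http.authentication.type</name><value>kerberos</value></property>
</configuration>"""

if __name__ == "__main__":
    for label, text in (("insecure", INSECURE_SITE), ("secure", SECURE_SITE)):
        print(label, audit_secure_mode(text))
```

A file that omits these properties is reported as insecure because the defaults apply, which is the state in which the ResourceManager REST API accepts unauthenticated requests.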

References

https://www.exploit-db.com/exploits/45025/

Platforms

Linux
