The YARN NodeManager daemon in Apache Hadoop 0.23.0 through 0.23.11 and 2.x before 2.5.2, when using Kerberos authentication, allows remote cluster users to change the permissions of certain files to world-readable via a symlink attack in a public tar archive, which is not properly handled during localization, related to distributed cache.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2014-12-05T16:00:00

Updated: 2024-08-06T10:50:17.773Z

Reserved: 2014-05-14T00:00:00

Link: CVE-2014-3627

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2014-12-05T16:59:04.127

Modified: 2024-11-21T02:08:32.080

Link: CVE-2014-3627

cve-icon Redhat

Severity : Moderate

Publid Date: 2014-11-21T00:00:00Z

Links: CVE-2014-3627 - Bugzilla