CVE-2012-3376
Severity CVSS v4.0:
Pending analysis
Type:
CWE-310
Cryptographic Issues
Publication date:
12/07/2012
Last modified:
11/04/2025
Description
DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
Impact
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:apache:hadoop:2.0.0:alpha:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://archives.neohapsis.com/archives/bugtraq/2012-07/0049.html
- http://www.securityfocus.com/bid/54358
- https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html
- http://archives.neohapsis.com/archives/bugtraq/2012-07/0049.html
- http://www.securityfocus.com/bid/54358
- https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html