Hadoop >> mail # general >> [CVE-2012-1574] Apache Hadoop user impersonation vulnerability


Re: [CVE-2012-1574] Apache Hadoop user impersonation vulnerability

On Apr 6, 2012, at 10:02 AM, Andrew Purtell wrote:

> This is not a helpful disclosure.
>
> Now we know our "secure" deployment is vulnerable, but have no idea how to mitigate. Claiming an upgrade to a nonexistent version with an, apparently, uncommitted fix as a mitigation is not viable. Where is the JIRA for this?

*SIGH* You're right, we messed up. We waited for the stable line to be fixed with Hadoop 1.0.2, but we should have waited for the 0.23.2 vote to pass too. The bug is fixed in 0.23.2 rc 0.

-- Owen