Land #17646, Link Hadoop YARN exploit to documentation
commit
a8d2073eee
|
@ -14,8 +14,8 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||||
super(update_info(info,
|
super(update_info(info,
|
||||||
'Name' => 'Hadoop YARN ResourceManager Unauthenticated Command Execution',
|
'Name' => 'Hadoop YARN ResourceManager Unauthenticated Command Execution',
|
||||||
'Description' => %q{
|
'Description' => %q{
|
||||||
This module uses built-in functionality to execute arbitrary commands on an unsecured Hadoop server which is not configured for strong
|
This module uses Hadoop's standard ResourceManager REST API to execute arbitrary commands on an unsecured Hadoop server.
|
||||||
authentication, via Hadoop's standard ResourceManager REST API.
|
Hadoop administrators should enable Kerberos authentication for these endpoints by changing the 'hadoop.security.authentication' setting in 'core-site.xml' from 'simple' (the default) to 'kerberos' before exposing the node to the network.
|
||||||
},
|
},
|
||||||
'License' => MSF_LICENSE,
|
'License' => MSF_LICENSE,
|
||||||
'Author' =>
|
'Author' =>
|
||||||
|
@ -26,8 +26,11 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||||
'References' =>
|
'References' =>
|
||||||
[
|
[
|
||||||
['URL', 'http://archive.hack.lu/2016/Wavestone%20-%20Hack.lu%202016%20-%20Hadoop%20safari%20-%20Hunting%20for%20vulnerabilities%20-%20v1.0.pdf'],
|
['URL', 'http://archive.hack.lu/2016/Wavestone%20-%20Hack.lu%202016%20-%20Hadoop%20safari%20-%20Hunting%20for%20vulnerabilities%20-%20v1.0.pdf'],
|
||||||
['URL', 'https://github.com/vulhub/vulhub/tree/master/hadoop/unauthorized-yarn']
|
['URL', 'https://github.com/vulhub/vulhub/tree/master/hadoop/unauthorized-yarn'],
|
||||||
# Note, there will never be a CVE for this issue, unless something radical changes in the CVE inclusion rules.
|
# Note, there will never be a CVE for this issue, since this is a misconfiguration by the administrator rather than a vulnerability in the software.
|
||||||
|
# Hadoop installations should always configure Kerberos authentication before being exposed to the network,
|
||||||
|
# since the default configuration does not require authentication.
|
||||||
|
['URL', 'https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/SecureMode.html']
|
||||||
],
|
],
|
||||||
'Platform' => 'linux',
|
'Platform' => 'linux',
|
||||||
'Arch' => [ARCH_X86, ARCH_X64],
|
'Arch' => [ARCH_X86, ARCH_X64],
|
||||||
|
|
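Review bot: The new Description text names only 'hadoop.security.authentication' in 'core-site.xml' as the remediation, but the module targets the ResourceManager REST API over HTTP. The SecureMode page added to the references treats authentication for the HTTP web consoles as a separate step, and depending on the Hadoop version those endpoints may be governed by the `hadoop.http.authentication.*` properties rather than by the RPC setting alone. I would hedge the advice and add a sentence such as `Administrators should also confirm that the ResourceManager HTTP endpoints reject unauthenticated requests (see 'hadoop.http.authentication.type') and restrict network access to the ResourceManager port.` The same applies to the two comment lines added in the References array, which state the Kerberos step as sufficient on its own. The update_info call continues outside the visible hunks.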