Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Celebrating as our community reaches 100,000 members! Thank you!
Solved Go to solution

Vulnerability assessment test

Labels:
avatar
author-rank steh
Explorer

Created on ‎03-29-2016 07:16 AM - last edited on ‎11-08-2016 07:59 AM by Community Manager Community Manager

Hi,

 

We ran Vulnerability assessment test and we could see some Vulnerabilities in cloudera. Have mentioned the description of the reported Vulnerabilities.

 

Vulnerability Detection Method
Details:dotProject Privilege Escalation Vulnerability
OID:1.3.6.1.4.1.25623.1.0.800565
Version used: $Revision: 2235 $
References
CVE: CVE-2008-6747
BID:29679
Other:
URL:http://en.securitylab.ru/nvd/378282.php
URL:http://xforce.iss.net/xforce/xfdb/43019

 

Kindly have a look and do suggest us on the same.

2,876 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank steh
Explorer

Created ‎04-07-2016 05:32 AM

Thanks cjervis.

 

I fixed that vulnerability issue.

 

Yes what you said is correct "dotproject" is not related to cloudera. but whene ever we tested the assessment that time we faced like dot project.

 

So, I gave the privileges for 25000 port which impala port. Throught this port only vulnerability raised because of Privilege Escalation vulnerability. Finally it's fixed.

 

Thanks for your responce cjervis.

View solution in original post

2,817 Views
0 Kudos
4 REPLIES 4

avatar
author-rank steh
Explorer

Created ‎04-03-2016 11:22 PM

Hi,

 

 

We ran Vulnerability assessment test and we could see some Vulnerabilities in cloudera. Have mentioned the description of the reported Vulnerabilities.

 

The host is installed with dotProject and is prone to Privilege Escalation vulnerability.
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Impact
Attackers can exploit this issue via specially crafted HTTP request to certain administrative
pages to gain administrative privileges on the a?ected system. Impact Level: Application

 

Vulnerability Detection Method
Details:dotProject Privilege Escalation Vulnerability
OID:1.3.6.1.4.1.25623.1.0.800565
Version used: $Revision: 2235 $
References
CVE: CVE-2008-6747
BID:29679
Other:
URL:http://en.securitylab.ru/nvd/378282.php
URL:http://xforce.iss.net/xforce/xfdb/43019

 

 

Kindly have a look and do suggest us on the same.

2,847 Views
0 Kudos

avatar
author-rank cjervis author-rank
Community Manager

Created ‎04-06-2016 09:27 AM

Sorry for the delay in response @steh, I was seeing what I could find out through my contacts. 

 

The response I received is that the CVE that is referred to applies to "dotProject" which is not Cloudera software. 

 

I hope this helps.


Cy Jervis, Manager, Community Program
Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
2,824 Views

avatar
author-rank steh
Explorer

Created ‎04-07-2016 05:32 AM

Thanks cjervis.

 

I fixed that vulnerability issue.

 

Yes what you said is correct "dotproject" is not related to cloudera. but whene ever we tested the assessment that time we faced like dot project.

 

So, I gave the privileges for 25000 port which impala port. Throught this port only vulnerability raised because of Privilege Escalation vulnerability. Finally it's fixed.

 

Thanks for your responce cjervis.

2,818 Views
0 Kudos

avatar
author-rank cjervis author-rank
Community Manager

Created ‎04-07-2016 05:38 AM

I'm happy to hear that you resolved the issue. Feel free to mark your last comment as the solution. 🙂


Cy Jervis, Manager, Community Program
Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
2,805 Views
0 Kudos
Announcements
Product Announcements
[ANNOUNCE] Cloudera on Public Cloud Runtime 7.2.18 is GA!
What's New @ Cloudera
Cloudera Operational Database (COD) supports enhancements to...
Community Announcements
March 2024 Community Highlights
Community Announcements
Celebrating 100,000 Members: A Journey of Growth and Connect...
Product Announcements
[ANNOUNCE] New Cloudera JDBC Connector for Apache Hive 2.6.2...
View More Announcements