Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Vulnerability assessment test

Labels:
avatar
author-rank steh
Explorer

Created on ‎03-29-2016 07:16 AM - last edited on ‎11-08-2016 07:59 AM by Community Manager Community Manager

Hi,

 

We ran Vulnerability assessment test and we could see some Vulnerabilities in cloudera. Have mentioned the description of the reported Vulnerabilities.

 

Vulnerability Detection Method
Details:dotProject Privilege Escalation Vulnerability
OID:1.3.6.1.4.1.25623.1.0.800565
Version used: $Revision: 2235 $
References
CVE: CVE-2008-6747
BID:29679
Other:
URL:http://en.securitylab.ru/nvd/378282.php
URL:http://xforce.iss.net/xforce/xfdb/43019

 

Kindly have a look and do suggest us on the same.

3,318 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank steh
Explorer

Created ‎04-07-2016 05:32 AM

Thanks cjervis.

 

I fixed that vulnerability issue.

 

Yes what you said is correct "dotproject" is not related to cloudera. but whene ever we tested the assessment that time we faced like dot project.

 

So, I gave the privileges for 25000 port which impala port. Throught this port only vulnerability raised because of Privilege Escalation vulnerability. Finally it's fixed.

 

Thanks for your responce cjervis.

View solution in original post

3,259 Views
0 Kudos
4 REPLIES 4

avatar
author-rank steh
Explorer

Created ‎04-03-2016 11:22 PM

Hi,

 

 

We ran Vulnerability assessment test and we could see some Vulnerabilities in cloudera. Have mentioned the description of the reported Vulnerabilities.

 

The host is installed with dotProject and is prone to Privilege Escalation vulnerability.
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Impact
Attackers can exploit this issue via specially crafted HTTP request to certain administrative
pages to gain administrative privileges on the a?ected system. Impact Level: Application

 

Vulnerability Detection Method
Details:dotProject Privilege Escalation Vulnerability
OID:1.3.6.1.4.1.25623.1.0.800565
Version used: $Revision: 2235 $
References
CVE: CVE-2008-6747
BID:29679
Other:
URL:http://en.securitylab.ru/nvd/378282.php
URL:http://xforce.iss.net/xforce/xfdb/43019

 

 

Kindly have a look and do suggest us on the same.

3,289 Views
0 Kudos

avatar
author-rank cjervis author-rank
Community Manager

Created ‎04-06-2016 09:27 AM

Sorry for the delay in response @steh, I was seeing what I could find out through my contacts. 

 

The response I received is that the CVE that is referred to applies to "dotProject" which is not Cloudera software. 

 

I hope this helps.


Cy Jervis, Manager, Community Program
Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
3,266 Views

avatar
author-rank steh
Explorer

Created ‎04-07-2016 05:32 AM

Thanks cjervis.

 

I fixed that vulnerability issue.

 

Yes what you said is correct "dotproject" is not related to cloudera. but whene ever we tested the assessment that time we faced like dot project.

 

So, I gave the privileges for 25000 port which impala port. Throught this port only vulnerability raised because of Privilege Escalation vulnerability. Finally it's fixed.

 

Thanks for your responce cjervis.

3,260 Views
0 Kudos

avatar
author-rank cjervis author-rank
Community Manager

Created ‎04-07-2016 05:38 AM

I'm happy to hear that you resolved the issue. Feel free to mark your last comment as the solution. 🙂


Cy Jervis, Manager, Community Program
Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
3,247 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements