Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Vulnerability assessment test

Solved Go to solution

Vulnerability assessment test

Explorer

Hi,

 

We ran Vulnerability assessment test and we could see some Vulnerabilities in cloudera. Have mentioned the description of the reported Vulnerabilities.

 

Vulnerability Detection Method
Details:dotProject Privilege Escalation Vulnerability
OID:1.3.6.1.4.1.25623.1.0.800565
Version used: $Revision: 2235 $
References
CVE: CVE-2008-6747
BID:29679
Other:
URL:http://en.securitylab.ru/nvd/378282.php
URL:http://xforce.iss.net/xforce/xfdb/43019

 

Kindly have a look and do suggest us on the same.

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Vulnerability assessment test

Explorer

Thanks cjervis.

 

I fixed that vulnerability issue.

 

Yes what you said is correct "dotproject" is not related to cloudera. but whene ever we tested the assessment that time we faced like dot project.

 

So, I gave the privileges for 25000 port which impala port. Throught this port only vulnerability raised because of Privilege Escalation vulnerability. Finally it's fixed.

 

Thanks for your responce cjervis.

4 REPLIES 4

Vulnerability assessment test

Explorer

Hi,

 

 

We ran Vulnerability assessment test and we could see some Vulnerabilities in cloudera. Have mentioned the description of the reported Vulnerabilities.

 

The host is installed with dotProject and is prone to Privilege Escalation vulnerability.
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Impact
Attackers can exploit this issue via specially crafted HTTP request to certain administrative
pages to gain administrative privileges on the a?ected system. Impact Level: Application

 

Vulnerability Detection Method
Details:dotProject Privilege Escalation Vulnerability
OID:1.3.6.1.4.1.25623.1.0.800565
Version used: $Revision: 2235 $
References
CVE: CVE-2008-6747
BID:29679
Other:
URL:http://en.securitylab.ru/nvd/378282.php
URL:http://xforce.iss.net/xforce/xfdb/43019

 

 

Kindly have a look and do suggest us on the same.

Re: Vulnerability assessment test

Community Manager

Sorry for the delay in response @steh, I was seeing what I could find out through my contacts. 

 

The response I received is that the CVE that is referred to applies to "dotProject" which is not Cloudera software. 

 

I hope this helps.



Cy Jervis, Community Manager

Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.

Learn more about the Cloudera Community:
Community Guidelines
How to use the forum

Re: Vulnerability assessment test

Explorer

Thanks cjervis.

 

I fixed that vulnerability issue.

 

Yes what you said is correct "dotproject" is not related to cloudera. but whene ever we tested the assessment that time we faced like dot project.

 

So, I gave the privileges for 25000 port which impala port. Throught this port only vulnerability raised because of Privilege Escalation vulnerability. Finally it's fixed.

 

Thanks for your responce cjervis.

Re: Vulnerability assessment test

Community Manager

I'm happy to hear that you resolved the issue. Feel free to mark your last comment as the solution. :)



Cy Jervis, Community Manager

Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.

Learn more about the Cloudera Community:
Community Guidelines
How to use the forum
Don't have an account?
Coming from Hortonworks? Activate your account here