Unauthorized Access Vulnerability in Hadoop Yarn RPC
Last updated
Hadoop Yarn, one of the core components of Hadoop, allocates cluster resources to applications and schedules their tasks onto the cluster nodes. By default Hadoop Yarn exposes its RPC service without authentication, so an attacker who can reach the service can submit applications that execute arbitrary commands and take control of the server.
In addition, the access control of the Hadoop Yarn RPC service is separate from that of the REST API: even when the REST API requires authentication, the port on which the RPC service listens can still be accessed without authorization.
https://github.com/vulhub/vulhub/tree/master/hadoop/unauthorized-yarn
The vulhub docker-compose.yml does not expose the ResourceManager RPC port; add a mapping for port 8032 before starting the environment.
Send a request to port 8032 (for example with curl) to confirm that the RPC service is reachable.
EXP: https://github.com/cckuailong/YarnRpcRCE
[Screenshots: view logs; reverse shell; successful connection]
Apache Hadoop officially recommends that users enable Kerberos authentication; upgrading and enabling Kerberos authentication prevents unauthorized access to the RPC service.
In addition, restrict the port on which the Hadoop RPC service listens so that it is reachable only from trusted addresses.
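An added example (not vulhub or Apache Hadoop code) that audits a cluster's core-site.xml and yarn-site.xml for the two settings recommended above: Kerberos authentication and a ResourceManager RPC listener that is not bound on every interface. The sample configuration strings are constructed for the example; the property names are the real Hadoop ones.

```python
"""Check Hadoop configuration for the YARN RPC hardening this advisory recommends.
Added example; property names are real Hadoop settings, the XML samples are constructed."""
import xml.etree.ElementTree as ET

# Bind addresses that make the RPC port reachable from every network interface.
PUBLIC_BINDS = {"0.0.0.0", "::", "[::]"}

def parse_hadoop_conf(xml_text: str) -> dict:
    """Return {name: value} from a Hadoop <configuration> document."""
    root = ET.fromstring(xml_text)
    conf = {}
    for prop in root.iter("property"):
        name = prop.findtext("name", "").strip()
        if name:
            conf[name] = prop.findtext("value", "").strip()
    return conf

def audit_yarn_rpc(core_xml: str, yarn_xml: str) -> list:
    """Return a list of findings; an empty list means all checks passed."""
    core, yarn = parse_hadoop_conf(core_xml), parse_hadoop_conf(yarn_xml)
    findings = []
    # Hadoop defaults to 'simple' authentication, which trusts whatever user the caller claims.
    if core.get("hadoop.security.authentication", "simple").lower() != "kerberos":
        findings.append("hadoop.security.authentication is not 'kerberos'")
    # Service-level authorization (hadoop-policy.xml ACLs) is off unless enabled explicitly.
    if core.get("hadoop.security.authorization", "false").lower() != "true":
        findings.append("hadoop.security.authorization is not 'true'")
    # Effective RM RPC bind: bind-host if set, otherwise the host part of the RPC address.
    rm_addr = yarn.get("yarn.resourcemanager.address", "${yarn.resourcemanager.hostname}:8032")
    host = yarn.get("yarn.resourcemanager.bind-host") or rm_addr.rsplit(":", 1)[0]
    host = host.replace("${yarn.resourcemanager.hostname}",
                        yarn.get("yarn.resourcemanager.hostname", "0.0.0.0"))
    if host in PUBLIC_BINDS:
        findings.append(f"ResourceManager RPC ({rm_addr}) is bound on all interfaces")
    return findings

# Constructed samples: a default-like (weak) setup and a hardened one.
WEAK_CORE = "<configuration></configuration>"
WEAK_YARN = "<configuration></configuration>"
HARDENED_CORE = """<configuration>
 <property><name>hadoop.security.authentication</name><value>kerberos</value></property>
 <property><name>hadoop.security.authorization</name><value>true</value></property>
</configuration>"""
HARDENED_YARN = """<configuration>
 <property><name>yarn.resourcemanager.hostname</name><value>rm.internal.example</value></property>
 <property><name>yarn.resourcemanager.bind-host</name><value>10.0.5.10</value></property>
</configuration>"""

if __name__ == "__main__":
    for label, c, y in (("weak", WEAK_CORE, WEAK_YARN), ("hardened", HARDENED_CORE, HARDENED_YARN)):
        print(label, audit_yarn_rpc(c, y) or "OK")
```

A specific bind address only limits which interface the port listens on; the advisory's second recommendation still requires a firewall or network ACL in front of port 8032.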