In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-02-25 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Internet Technology >
Share
Shulou(Shulou.com)06/01 Report--
This article introduces the knowledge of "how to solve Apache Spark remote code execution vulnerabilities". Many people will encounter such a dilemma in the operation of actual cases, so let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!
0x00 vulnerability background
June 24, 2020, 360CERT Monitoring found that Apache Spark officially issued a risk notice for Apache Spark remote code execution, the vulnerability number is CVE-2020-9480, vulnerability level: high risk.
Apache Spark is an open source cluster computing framework, a fast and general computing engine designed for large-scale data processing. Spark is an open source Hadoop MapReduce-like general parallel framework developed by UC Berkeley AMP lab (AMP Lab of the University of California, Berkeley).
In Apache Spark 2.4.5 and earlier, the primary server of a stand-alone resource manager might be configured to require authentication through a shared key (spark.authenticate). However, due to the defects in the authentication mechanism of Spark, the shared key authentication is invalid. An attacker can exploit this vulnerability to execute commands on the host without authorization, resulting in remote code execution.
In this regard, 360CERT recommends that the majority of users timely install the latest patches, do a good job of asset self-examination and prevention work, so as to avoid hacker attacks.
0x01 risk rating
360CERT's assessment of the vulnerability is as follows
Assessment methods, threat levels, high risk impact surfaces, general 0x02 vulnerability details
In Apache Spark 2.4.5 and earlier, the primary server of a stand-alone resource manager might be configured to require authentication through a shared key (spark.authenticate). However, due to the defects in the authentication mechanism of Spark, the shared key authentication is invalid. An attacker can exploit this vulnerability to execute commands on the host without authorization, resulting in remote code execution.
0x03 affects version
Apache Spark:
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.
12
Report
