mapr Information Disclosure

mapr Information Disclosure: Posted Mar 31, 2017; Authored by Mark Felder; mapr suffers from an information disclosure vulnerability.; tags | exploit, info disclosure; SHA-256 | 72154e7425f8731073fc55262d90eaa471479bcf62a2e3abdbd88d8525430209; Download | Favorite | View

mapr Information Disclosure

Hello,

The mapr web frontend component creates an information disclosure
vulnerability.  During the setup of mapr the configure.sh script calls a
function ConfigureWSRole:

function ConfigureWSRole() {
  if [ $clientOnly -eq 0 -a $dontChangeSecurityPermissionsOn -eq 0 ];
  then
    ConfigureRunUserForWS
  fi

This calls ConfigureRunUserForWS from configure-common.sh:

function ConfigureRunUserForWS() {
  local val=`getent group shadow 2>/dev/null`
  if [ "$?" != "0" -o "$val" = "" ]; then
    # Create a group named shadow
    groupadd shadow  >> $logFile 2>&1
  fi
  # Add CURR_USER to the group wheel
  if [ -f /etc/SuSE-release ]; then
      # Add CURR_USER to the group wheel for SUSE
      usermod -A shadow $MAPR_USER >> $logFile 2>&1
      STATUS=$?
      #
      # The '-A' option has been removed from SuSE 12 
      #
      if [ $STATUS -ne 0 ]; then
          usermod -a -G shadow $MAPR_USER  >> $logFile 2>&1
      fi
  else
      usermod -a -G $MAPR_GROUP,shadow $MAPR_USER  >> $logFile 2>&1
  fi
  # Change group-owner of /etc/shadow
  chgrp shadow /etc/shadow  >> $logFile 2>&1
  # Allow read permissions for user shadow
  chmod ug+r /etc/shadow >> $logFile 2>&1
}

This results in a shadow file that is now readable to the application:

# ls -la /etc/shadow
-r--r-----. 1 root shadow 657 Mar 30 16:09 /etc/shadow
# grep shadow /etc/group
shadow:x:1000:mapr

The option to disable this codepath, -no-auto-permission-update,  is not
recommended by Mapr and comes with a warning in the script as it will
break the webserver's ability to authenticate the local mapr user, which
is used to administer the cluster:

        echo "    -no-auto-permission-update - do not update the system
        security permissions automatically"
        echo "                             Warn: Features like WebServer
        might not work properly"
        echo "                             default: disabled"

The website docs[1] casually describe the option, "Pass this option to
prevent MapR from silently altering permissions in /etc/shadow."

These files are part of the mapr-core-internal package:

# rpm -fq /opt/mapr/server/configure.sh
mapr-core-internal-5.2.0.39122.GA-1.x86_64
# rpm -fq /opt/mapr/server/configure-common.sh
mapr-core-internal-5.2.0.39122.GA-1.x86_64


Thanks

[1] https://maprdocs.mapr.com/home/ReferenceGuide/configure.sh.html

-- 
  Mark Felder
  feld@feld.me

Top Authors In Last 30 Days

Red Hat 300 files
Ubuntu 63 files
Debian 20 files
LiquidWorm 19 files
Apple 9 files
Gentoo 5 files
Google Security Research 4 files
Alter Prime 3 files
Chokri Hammedi 3 files
nu11secur1ty 2 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,163)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,928)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,326)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,981)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

mapr Information Disclosure

mapr Information Disclosure

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

mapr Information Disclosure

Share This

mapr Information Disclosure

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems