Received: by 2002:ab2:60d1:0:b0:1f7:5705:b850 with SMTP id i17csp1693380lqm;
        Fri, 3 May 2024 03:53:02 -0700 (PDT)
X-Forwarded-Encrypted: i=2; AJvYcCXvH/q0MR6eSVsb+RcMQFDXkA3/B8A4srzO9dfm/AM42Hh1b7sKES5s5lELvCehXhrzvh2RGBGH0tAljEdrVkQzRkpqlM4bEcUpYZqBLA==
X-Google-Smtp-Source: AGHT+IElRmOWLM/3F8PGry5C4/HzPAaddsW6o6Wcbr4T6Vbs6QjXgFO+CbbQjDAgNWo+RePcSAq+
X-Received: by 2002:a05:620a:3b89:b0:790:e8f5:c05a with SMTP id ye9-20020a05620a3b8900b00790e8f5c05amr2218766qkn.78.1714733581898;
        Fri, 03 May 2024 03:53:01 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1714733581; cv=none;
        d=google.com; s=arc-20160816;
        b=EmBJxeSTMxkWMaZinH6r5jg5Tg97mgNzE5z4k1wcmu9s5aGd/kv/cyEDr7noZzfQOa
         9qVPpEeH0Fy15OCU9UQxuV03uC/j9mYh+8IUm1ii88m39/CtQWTFcqxsu2C+70/AJrCC
         PkxRduo5UqR6UR9IhxRMa+qZ6P01Tj8qG4yh3xFvLm/Cp9LsCpOPijFPyCwbyoffsep/
         wlHnv6BleKib4Fax+gH3hgMVvhix/tqh0DbH/18ZZKkPEv6lRv/k7V9dR4D83JvmCgSy
         6YxRfRENr8esWOVUh8D4Rj6iCj7mCL4ZwmfmxJEPLiI8US+hJe8mn/OLBEt7+Mj4o9Yd
         OEdA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=subject:mime-version:date:content-transfer-encoding:message-id:to
         :from:delivered-to:delivered-to:reply-to:list-id:list-subscribe
         :list-unsubscribe:list-help:list-post:precedence:mailing-list;
        bh=inXRHyyEIT3f7T+dBlsKiwSuv7YuelX3trDm4haZNH4=;
        fh=9jsPTyo6edd9xvAeG+KFFrRrXMmgB/RdwUKOrvy9dcA=;
        b=P0BlUquKEtyrYRctWwqwu56V7u9/hG32H6yyesx0qAKYUK/PphiFIB1JbOQs/p2WR7
         IIfvzWrG8FTKlQxhdgiq0INp1Irg674etRmVDmOdy+UaMEz/s+9+Cx8fN7/kbsawjDeb
         n732zDP447WR/bvBHiPW5r8A/rU0PXmQa5cHONG5b9EZLnXNjFiu8gvgra6oeri00AN/
         BsTlO+U9qS7R2U7MBK/UY8ZAfeftwjjE8+wqhNmbSj4nU8KgoXkzUWdmo62YoEFn3JCF
         Qp8nMzb3jNHQYYUFoBCv3+nL6r2zXRwj+m4P0HWmiF1OEDMcozACvqrjTjC7oB8kZXCF
         h3Bg==;
        dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of oss-security-return-30117-linux.lists.archive=gmail.com@lists.openwall.com designates 193.110.157.125 as permitted sender) smtp.mailfrom="oss-security-return-30117-linux.lists.archive=gmail.com@lists.openwall.com"
Return-Path: <oss-security-return-30117-linux.lists.archive=gmail.com@lists.openwall.com>
Received: from second.openwall.net (second.openwall.net. [193.110.157.125])
        by mx.google.com with SMTP id dz5-20020a05620a2b8500b0078ec815992fsi3199088qkb.225.2024.05.03.03.53.01
        for <linux.lists.archive@gmail.com>;
        Fri, 03 May 2024 03:53:01 -0700 (PDT)
Received-SPF: pass (google.com: domain of oss-security-return-30117-linux.lists.archive=gmail.com@lists.openwall.com designates 193.110.157.125 as permitted sender) client-ip=193.110.157.125;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of oss-security-return-30117-linux.lists.archive=gmail.com@lists.openwall.com designates 193.110.157.125 as permitted sender) smtp.mailfrom="oss-security-return-30117-linux.lists.archive=gmail.com@lists.openwall.com"
Received: (qmail 32491 invoked by uid 550); 3 May 2024 10:48:30 -0000
Mailing-List: contact oss-security-help@lists.openwall.com; run by ezmlm
Precedence: bulk
List-Post: <mailto:oss-security@lists.openwall.com>
List-Help: <mailto:oss-security-help@lists.openwall.com>
List-Unsubscribe: <mailto:oss-security-unsubscribe@lists.openwall.com>
List-Subscribe: <mailto:oss-security-subscribe@lists.openwall.com>
List-ID: <oss-security.lists.openwall.com>
Reply-To: oss-security@lists.openwall.com
Delivered-To: mailing list oss-security@lists.openwall.com
Delivered-To: moderator for oss-security@lists.openwall.com
Received: (qmail 16182 invoked from network); 3 May 2024 08:03:47 -0000
Authentication-Results: apache.org; auth=none
Content-Type: text/plain; charset=utf-8
From: Stamatis Zampetakis <zabetak@apache.org>
To: oss-security@lists.openwall.com
Message-ID: <99f26c7f-4611-6918-23c5-96c401972688@apache.org>
Content-Transfer-Encoding: quoted-printable
Date: Fri, 03 May 2024 08:03:35 +0000
MIME-Version: 1.0
Subject: [oss-security] CVE-2023-35701: Apache Hive: Arbitrary command execution via JDBC
 driver 

Severity: moderate

Affected versions:

- Apache Hive 4.0.0-alpha-1 before 4.0.0

Description:

Improper Control of Generation of Code ('Code Injection') vulnerability in =
Apache Hive.

The vulnerability affects the Hive JDBC driver component and it can =
potentially lead to arbitrary code execution on the machine/endpoint that =
the JDBC driver (client) is running. The malicious user must have =
sufficient permissions to specify/edit JDBC URL(s) in an endpoint relying =
on the Hive JDBC driver and the JDBC client process must run under a =
privileged user to fully exploit the vulnerability.=C2=A0

The attacker can setup a malicious HTTP server and specify a JDBC URL =
pointing towards this server. When a JDBC connection is attempted, the =
malicious HTTP server can provide a special response with customized =
payload that can trigger the execution of certain commands in the JDBC =
client.This issue affects Apache Hive: from 4.0.0-alpha-1 before 4.0.0.

Users are recommended to upgrade to version 4.0.0, which fixes the issue.

This issue is being tracked as HIVE-27554=20

Credit:

Kostya Kortchinsky (reporter)

References:

https://hive.apache.org/
https://www.cve.org/CVERecord?id=3DCVE-2023-35701
https://issues.apache.org/jira/browse/HIVE-27554