Received: by 2002:ab2:60d1:0:b0:1f7:5705:b850 with SMTP id i17csp1693380lqm; Fri, 3 May 2024 03:53:02 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCXvH/q0MR6eSVsb+RcMQFDXkA3/B8A4srzO9dfm/AM42Hh1b7sKES5s5lELvCehXhrzvh2RGBGH0tAljEdrVkQzRkpqlM4bEcUpYZqBLA== X-Google-Smtp-Source: AGHT+IElRmOWLM/3F8PGry5C4/HzPAaddsW6o6Wcbr4T6Vbs6QjXgFO+CbbQjDAgNWo+RePcSAq+ X-Received: by 2002:a05:620a:3b89:b0:790:e8f5:c05a with SMTP id ye9-20020a05620a3b8900b00790e8f5c05amr2218766qkn.78.1714733581898; Fri, 03 May 2024 03:53:01 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1714733581; cv=none; d=google.com; s=arc-20160816; b=EmBJxeSTMxkWMaZinH6r5jg5Tg97mgNzE5z4k1wcmu9s5aGd/kv/cyEDr7noZzfQOa 9qVPpEeH0Fy15OCU9UQxuV03uC/j9mYh+8IUm1ii88m39/CtQWTFcqxsu2C+70/AJrCC PkxRduo5UqR6UR9IhxRMa+qZ6P01Tj8qG4yh3xFvLm/Cp9LsCpOPijFPyCwbyoffsep/ wlHnv6BleKib4Fax+gH3hgMVvhix/tqh0DbH/18ZZKkPEv6lRv/k7V9dR4D83JvmCgSy 6YxRfRENr8esWOVUh8D4Rj6iCj7mCL4ZwmfmxJEPLiI8US+hJe8mn/OLBEt7+Mj4o9Yd OEdA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=subject:mime-version:date:content-transfer-encoding:message-id:to :from:delivered-to:delivered-to:reply-to:list-id:list-subscribe :list-unsubscribe:list-help:list-post:precedence:mailing-list; bh=inXRHyyEIT3f7T+dBlsKiwSuv7YuelX3trDm4haZNH4=; fh=9jsPTyo6edd9xvAeG+KFFrRrXMmgB/RdwUKOrvy9dcA=; b=P0BlUquKEtyrYRctWwqwu56V7u9/hG32H6yyesx0qAKYUK/PphiFIB1JbOQs/p2WR7 IIfvzWrG8FTKlQxhdgiq0INp1Irg674etRmVDmOdy+UaMEz/s+9+Cx8fN7/kbsawjDeb n732zDP447WR/bvBHiPW5r8A/rU0PXmQa5cHONG5b9EZLnXNjFiu8gvgra6oeri00AN/ BsTlO+U9qS7R2U7MBK/UY8ZAfeftwjjE8+wqhNmbSj4nU8KgoXkzUWdmo62YoEFn3JCF Qp8nMzb3jNHQYYUFoBCv3+nL6r2zXRwj+m4P0HWmiF1OEDMcozACvqrjTjC7oB8kZXCF h3Bg==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of oss-security-return-30117-linux.lists.archive=gmail.com@lists.openwall.com designates 193.110.157.125 as permitted sender) smtp.mailfrom="oss-security-return-30117-linux.lists.archive=gmail.com@lists.openwall.com" Return-Path: Received: from second.openwall.net (second.openwall.net. [193.110.157.125]) by mx.google.com with SMTP id dz5-20020a05620a2b8500b0078ec815992fsi3199088qkb.225.2024.05.03.03.53.01 for ; Fri, 03 May 2024 03:53:01 -0700 (PDT) Received-SPF: pass (google.com: domain of oss-security-return-30117-linux.lists.archive=gmail.com@lists.openwall.com designates 193.110.157.125 as permitted sender) client-ip=193.110.157.125; Authentication-Results: mx.google.com; spf=pass (google.com: domain of oss-security-return-30117-linux.lists.archive=gmail.com@lists.openwall.com designates 193.110.157.125 as permitted sender) smtp.mailfrom="oss-security-return-30117-linux.lists.archive=gmail.com@lists.openwall.com" Received: (qmail 32491 invoked by uid 550); 3 May 2024 10:48:30 -0000 Mailing-List: contact oss-security-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Reply-To: oss-security@lists.openwall.com Delivered-To: mailing list oss-security@lists.openwall.com Delivered-To: moderator for oss-security@lists.openwall.com Received: (qmail 16182 invoked from network); 3 May 2024 08:03:47 -0000 Authentication-Results: apache.org; auth=none Content-Type: text/plain; charset=utf-8 From: Stamatis Zampetakis To: oss-security@lists.openwall.com Message-ID: <99f26c7f-4611-6918-23c5-96c401972688@apache.org> Content-Transfer-Encoding: quoted-printable Date: Fri, 03 May 2024 08:03:35 +0000 MIME-Version: 1.0 Subject: [oss-security] CVE-2023-35701: Apache Hive: Arbitrary command execution via JDBC driver Severity: moderate Affected versions: - Apache Hive 4.0.0-alpha-1 before 4.0.0 Description: Improper Control of Generation of Code ('Code Injection') vulnerability in = Apache Hive. The vulnerability affects the Hive JDBC driver component and it can = potentially lead to arbitrary code execution on the machine/endpoint that = the JDBC driver (client) is running. The malicious user must have = sufficient permissions to specify/edit JDBC URL(s) in an endpoint relying = on the Hive JDBC driver and the JDBC client process must run under a = privileged user to fully exploit the vulnerability.=C2=A0 The attacker can setup a malicious HTTP server and specify a JDBC URL = pointing towards this server. When a JDBC connection is attempted, the = malicious HTTP server can provide a special response with customized = payload that can trigger the execution of certain commands in the JDBC = client.This issue affects Apache Hive: from 4.0.0-alpha-1 before 4.0.0. Users are recommended to upgrade to version 4.0.0, which fixes the issue. This issue is being tracked as HIVE-27554=20 Credit: Kostya Kortchinsky (reporter) References: https://hive.apache.org/ https://www.cve.org/CVERecord?id=3DCVE-2023-35701 https://issues.apache.org/jira/browse/HIVE-27554