High severity · NVD Advisory · Published Oct 28, 2019 · Updated Aug 6, 2024

CVE-2012-2945

Description

Hadoop 1.0.3 contains a symlink vulnerability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Hadoop 1.0.3 contains a symlink vulnerability that could allow local privilege escalation or data manipulation.

Hadoop 1.0.3 contains a symlink vulnerability [1]. This issue was disclosed on the Full Disclosure mailing list in July 2012. The vulnerability arises when Hadoop handles file operations in an insecure manner, allowing a local user to create symbolic links that redirect file access to unintended locations [1].

An attacker must have local access to the system where Hadoop is running to exploit this vulnerability. The attack can be triggered during normal Hadoop file operations, such as when writing intermediate data or log files, by replacing a file with a symbolic link pointing to a sensitive system file [1].

Successful exploitation could allow the attacker to read or write arbitrary files with the privileges of the Hadoop process, potentially leading to data disclosure, corruption, or privilege escalation [1].

Apache Hadoop has since released updates addressing this vulnerability in later versions. Users still running Hadoop 1.0.3 are advised to upgrade to a supported release to mitigate the risk [1].

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
|---|---|---|
| org.apache.hadoop:hadoop-main (Maven) | < 1.0.4 | 1.0.4 |
