FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

hive -- authorization logic vulnerability

Affected packages
hive < 2.0.0

Details

VuXML ID a5c204b5-4153-11e6-8dfe-002590263bf5
Discovery 2016-01-28
Entry 2016-07-03

Sushanth Sowmyan reports:

Some partition-level operations exist that do not explicitly also authorize privileges of the parent table. This can lead to issues when the parent table would have denied the operation, but no denial occurs because the partition-level privilege is not checked by the authorization framework, which defines authorization entities only from the table level upwards.

[source]

References

CVE Name CVE-2015-7521
URL http://mail-archives.apache.org/mod_mbox/hive-user/201601.mbox/%3C20160128205008.2154F185EB%40minotaur.apache.org%3E

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.