CVE-2018-11792

Name
CVE-2018-11792
Description
In Apache Impala before 3.0.1, ALTER TABLE/VIEW RENAME required ALTER on the old table. This may pose a potential security risk, such as having ALTER on a table and ALL on a particular database allows a user to move the table to a database with ALL, which will automatically grant that user with ALL privilege on that table due to the privilege inherited from the database.
NVD Severity
high
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Mailing List https://lists.apache.org/thread.html/cba8f18df15af862aa07c584d8dc85c44a199fb8f460edd498059247@%3Cdev.impala.apache.org%3E
Third Party Advisory http://www.securityfocus.com/bid/105739

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:apache:impala:*:*:*:*:*:*:*:* impala >= None < 3.0.1

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
impala edge-community 0.7.3-r0 Milan P. Stanić <mps@arvanta.net> possibly vulnerable
impala edge-community 0.7.2-r0 Milan P. Stanić <mps@arvanta.net> possibly vulnerable
impala edge-community 0.7.0-r0 Milan P. Stanić <mps@arvanta.net> possibly vulnerable
impala edge-community 0.6.0-r0 Milan P. Stanić <mps@arvanta.net> possibly vulnerable
impala edge-community 0.5.0-r0 Milan P. Stanić <mps@arvanta.net> possibly vulnerable
impala edge-community 0.4.1-r0 Milan P. Stanić <mps@arvanta.net> possibly vulnerable
impala 3.23-community 0.6.0-r0 Milan P. Stanić <mps@arvanta.net> possibly vulnerable