Apache Hive Timing Attack Vulnerability in Signature Verification

Vulnerability

A timing attack vulnerability has been identified in Apache Hive versions 2.2.0 up to, but not including, 4.0.0. The issue is in the LlapSignerImpl component, which compares a submitted message signature against the expected one with Arrays.equals(). That method returns as soon as it finds the first mismatching byte, so the time the check takes reveals how long the correct prefix of the guess is. An authorized (authenticated but otherwise unprivileged) user can use that leak to forge a valid signature for an arbitrary message one byte at a time, and then submit work with a signature of their choosing to the LLAP (Live Long And Process) service without the privileges normally required, potentially leading to a denial-of-service condition.

Impact

Exploitation of this vulnerability allows an authorized user to forge signatures and so bypass the signature check that LLAP relies on to accept only work submitted by a trusted party. The page rates the practical consequence as a potential denial-of-service condition, for example by overloading the LLAP service with crafted, validly signed requests.

Reproduction

The vulnerability can be reproduced by an authorized user of Apache Hive 2.2.0 up to, but not including, 4.0.0. The user sends messages with candidate signatures to the LLAP service and measures how long verification takes. Because Arrays.equals() stops at the first mismatching byte, a guess whose first k bytes are correct takes measurably longer to reject than one with a shorter correct prefix. The attacker therefore fixes the signature one byte at a time: at most 256 guesses per byte position, instead of an infeasible search over the whole signature. In practice each candidate must be timed repeatedly to average out network and JVM noise, but the work stays linear in the signature length.
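The pattern behind the advisory, as an added example written for this page rather than code from Hive's LlapSignerImpl: a toy HMAC signer with the vulnerable Arrays.equals() verifier beside a constant-time MessageDigest.isEqual() verifier, and a forgery loop that recovers the signature byte by byte. Instead of timing a real service, the example uses a deterministic stand-in for the side channel (the number of bytes an early-exit comparison examines), which is exactly what the latency measurement leaks, minus the noise. The key, the message and the class name are constructed for the demo and are not Hive's.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class SignatureTimingDemo {

    // Constructed key for the demo; Hive's LLAP signer keys are managed by the cluster.
    private static final byte[] KEY =
            "demo-only-key-not-from-hive".getBytes(StandardCharsets.UTF_8);

    static byte[] sign(byte[] message) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
        return mac.doFinal(message);
    }

    // Vulnerable pattern: Arrays.equals() returns at the first mismatching byte,
    // so its running time depends on how long the correct prefix of the guess is.
    static boolean verifyVulnerable(byte[] message, byte[] signature) throws Exception {
        return Arrays.equals(sign(message), signature);
    }

    // Fixed pattern: MessageDigest.isEqual() examines every byte before answering,
    // regardless of where the first difference is, so no prefix length leaks.
    static boolean verifyConstantTime(byte[] message, byte[] signature) throws Exception {
        return MessageDigest.isEqual(sign(message), signature);
    }

    // Stand-in for the timing measurement. Arrays.equals() does not report how far it got,
    // so the same early-exit loop is spelled out here; a real attacker infers this count
    // from the response latency of the verifying service.
    static int bytesExaminedBeforeReturn(byte[] expected, byte[] candidate) {
        int n = Math.min(expected.length, candidate.length);
        for (int i = 0; i < n; i++) {
            if (expected[i] != candidate[i]) {
                return i + 1;   // mismatch at index i: i+1 bytes were looked at
            }
        }
        return n;               // whole common prefix matched
    }

    // Recover the signature one byte at a time, at most 256 oracle queries per byte.
    static byte[] forgeByteByByte(byte[] message, int sigLen) throws Exception {
        byte[] real = sign(message);   // lives inside the "service"; the attacker never reads it
        byte[] guess = new byte[sigLen];
        int queries = 0;
        for (int pos = 0; pos < sigLen; pos++) {
            boolean found = false;
            for (int b = 0; b < 256 && !found; b++) {
                guess[pos] = (byte) b;
                queries++;
                if (pos == sigLen - 1) {
                    // Last byte: right and wrong guesses both examine sigLen bytes,
                    // so the service's accept/reject answer is the oracle here.
                    found = verifyVulnerable(message, guess);
                } else {
                    // A correct byte at 'pos' lets the comparison reach index pos+1.
                    found = bytesExaminedBeforeReturn(real, guess) > pos + 1;
                }
            }
            if (!found) {
                throw new IllegalStateException("oracle gave no answer at byte " + pos);
            }
        }
        System.out.println("forged in " + queries + " queries (blind search: 2^" + (8 * sigLen) + ")");
        return guess;
    }

    public static void main(String[] args) throws Exception {
        byte[] work = "submit-fragment: query-42".getBytes(StandardCharsets.UTF_8); // constructed
        byte[] forged = forgeByteByByte(work, 32);   // HmacSHA256 output is 32 bytes
        System.out.println("vulnerable verifier accepts forgery: " + verifyVulnerable(work, forged));
        // The fix still accepts a genuinely correct signature; what it removes is the
        // per-byte leak the loop above depended on, since isEqual() always walks the whole array.
        System.out.println("constant-time verifier accepts it too: " + verifyConstantTime(work, forged));
    }
}
```

The forgery needs at most 256 times 32 queries against the early-exit verifier, against 2^256 for a blind search. Against the constant-time verifier the stand-in oracle would always report the full length, so the inner loop could never distinguish a correct byte from a wrong one before the final accept/reject, which is the property the fix in 4.0.0 restores.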

Remediation

Users are advised to upgrade to Apache Hive version 4.0.0 or later, where this vulnerability has been fixed. The fix replaces the early-exit signature comparison with a constant-time one, so verification takes the same time however many leading bytes of a guess are correct. Until the upgrade is possible, restricting which users can submit work to LLAP limits who can mount the attack, since it requires an authorized user.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread:         2.6
impact:         3.8
exploitability: 5.9
remediation:    7.7
relevance:      0.0
threat:         4.8
urgency:        2.9
incentive:      1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.