Uploaded image for project: 'Ambari'
  1. Ambari
  2. AMBARI-20018

Document security issue related to setting security.agent.hostname.validate to false

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 2.4.0
    • 2.5.0
    • ambari-server
    • None

    Description

      Document security issue related to setting security.agent.hostname.validate to "false".

      If set to "false", invalid hostnames may be used in OpenSSL commands used to create the agent-side certificates when 2-way SSL is enabled. This could lead to issues when executing OpenSSL as described in CVE-2014-3582. See https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities.

      Attachments

        1. AMBARI-20018_branch-2.5_01.patch
          3 kB
          Robert Levas
        2. AMBARI-20018_trunk_01.patch
          3 kB
          Robert Levas
        3. AMBARI-20018_branch-2.5_02.patch
          3 kB
          Robert Levas
        4. AMBARI-20018_trunk_02.patch
          3 kB
          Robert Levas

        Issue Links

          Activity

            People

              rlevas Robert Levas
              rlevas Robert Levas
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: