Uploaded image for project: 'Ambari'
  1. Ambari
  2. AMBARI-20018

Document security issue related to setting security.agent.hostname.validate to false

VotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 2.4.0
    • 2.5.0
    • ambari-server
    • None

    Description

      Document security issue related to setting security.agent.hostname.validate to "false".

      If set to "false", invalid hostnames may be used in OpenSSL commands used to create the agent-side certificates when 2-way SSL is enabled. This could lead to issues when executing OpenSSL as described in CVE-2014-3582. See https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities.

      Attachments

        1. AMBARI-20018_branch-2.5_01.patch
          3 kB
          Robert Levas
        2. AMBARI-20018_branch-2.5_02.patch
          3 kB
          Robert Levas
        3. AMBARI-20018_trunk_01.patch
          3 kB
          Robert Levas
        4. AMBARI-20018_trunk_02.patch
          3 kB
          Robert Levas

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            rlevas Robert Levas
            rlevas Robert Levas
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Issue deployment