[AMBARI-20018] Document security issue related to setting security.agent.hostname.validate to false - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 2.4.0
Fix Version/s: 2.5.0
Component/s: ambari-server
Labels:
None

Description

Document security issue related to setting security.agent.hostname.validate to "false".

If set to "false", invalid hostnames may be used in OpenSSL commands used to create the agent-side certificates when 2-way SSL is enabled. This could lead to issues when executing OpenSSL as described in CVE-2014-3582. See https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

AMBARI-20018_trunk_02.patch
15/Feb/17 15:00
3 kB
Robert Levas
AMBARI-20018_trunk_01.patch
14/Feb/17 21:57
3 kB
Robert Levas
AMBARI-20018_branch-2.5_02.patch
15/Feb/17 15:00
3 kB
Robert Levas
AMBARI-20018_branch-2.5_01.patch
14/Feb/17 21:57
3 kB
Robert Levas

Issue Links

links to

ReviewBoard

Activity

People

Assignee:: Robert Levas

Reporter:: Robert Levas

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 14/Feb/17 21:34

Updated:: 29/May/17 17:14

Resolved:: 15/Feb/17 16:21