Uploaded image for project: 'Ambari'
  1. Ambari
  2. AMBARI-20018

Document security issue related to setting security.agent.hostname.validate to false

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 2.4.0
    • 2.5.0
    • ambari-server
    • None

    Description

      Document security issue related to setting security.agent.hostname.validate to "false".

      If set to "false", invalid hostnames may be used in OpenSSL commands used to create the agent-side certificates when 2-way SSL is enabled. This could lead to issues when executing OpenSSL as described in CVE-2014-3582. See https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities.

      Attachments

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            rlevas Robert Levas
            rlevas Robert Levas
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment