ambari-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Levas (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (AMBARI-20018) Document security issue related to setting security.agent.hostname.validate to false
Date Tue, 14 Feb 2017 21:58:41 GMT

     [ https://issues.apache.org/jira/browse/AMBARI-20018?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Robert Levas updated AMBARI-20018:
----------------------------------
    Attachment: AMBARI-20018_trunk_01.patch
                AMBARI-20018_branch-2.5_01.patch

> Document security issue related to setting security.agent.hostname.validate to false
> ------------------------------------------------------------------------------------
>
>                 Key: AMBARI-20018
>                 URL: https://issues.apache.org/jira/browse/AMBARI-20018
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.4.0
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>             Fix For: 2.5.0
>
>         Attachments: AMBARI-20018_branch-2.5_01.patch, AMBARI-20018_trunk_01.patch
>
>
> Document security issue related to setting security.agent.hostname.validate to "false".
> If set to "false", invalid hostnames may be used in OpenSSL commands used to create the
agent-side certificates when 2-way SSL is enabled. This could lead to issues when executing
OpenSSL as described in CVE-2014-3582. See https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message