zookeeper-user mailing list archives

From Philip Lowman <plow...@workforcesoftware.com>
Subject Question on mitigation for CVE-2018-8012 "Apache ZooKeeper Quorum Peer mutual authentication"
Date Fri, 25 May 2018 15:38:43 GMT
Hello,

In regards to the CVE-2018-8012<https://lists.apache.org/thread.html/c75147028c1c79bdebd4f8fa5db2b77da85de2b05ecc0d54d708b393@%3Cdev.zookeeper.apache.org%3E>
advisory posted on Monday, it contains the following statement “Alternatively ensure the
ensemble election/quorum communication is protected by a firewall as this will mitigate the
issue”.

I just wanted to ask (or hopefully just confirm), does this communication exclusively travel
over the “leader election port”?

In example configuration files the leader election port (see server.x in the docs<http://zookeeper.apache.org/doc/current/zookeeperAdmin.html#sc_configuration>)
is typically defined to be port 3888.

server.1=zoo1:2888:3888
server.2=zoo2:2888:3888
server.3=zoo3:2888:3888

Thanks


Philip Lowman
Sr. Software Security Engineer



WorkForce Software | 38705 Seven Mile Road, Livonia, MI 48152
T: +1 734-742-3610 | E: plowman@workforcesoftware.com








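The advisory sentence quoted in the message names both election and quorum communication, so the following added example (not part of the original message or of ZooKeeper) reads the `server.N` lines and emits an iptables allowlist covering both ports of each entry. The function names and the sample `zoo.cfg` text are constructed for illustration.

```python
import re

# Constructed sample: the three server.N lines from the message, plus a client port.
SAMPLE_CFG = """\
clientPort=2181
server.1=zoo1:2888:3888
server.2=zoo2:2888:3888
server.3=zoo3:2888:3888
"""

# server.N=host:quorumPort:electionPort, optionally followed by ":role" and
# ";clientPort" (3.5+ syntax). Assumes hostnames or IPv4 addresses only.
SERVER_RE = re.compile(
    r"^server\.(\d+)\s*=\s*([^:\s]+):(\d+):(\d+)(?::\w+)?\s*(?:;.*)?$")


def parse_ensemble(cfg_text):
    """Return {server_id: (host, quorum_port, election_port)}."""
    peers = {}
    for line in cfg_text.splitlines():
        m = SERVER_RE.match(line.strip())
        if m:
            sid, host, qport, eport = m.groups()
            peers[int(sid)] = (host, int(qport), int(eport))
    return peers


def firewall_rules(cfg_text, my_id):
    """iptables commands for node my_id: accept peers on both ports, drop the rest."""
    peers = parse_ensemble(cfg_text)
    _, qport, eport = peers[my_id]
    rules = []
    for port in sorted({qport, eport}):
        for sid, (host, _, _) in sorted(peers.items()):
            if sid != my_id:
                # iptables resolves a hostname once, when the rule is inserted.
                rules.append(
                    f"iptables -A INPUT -p tcp -s {host} --dport {port} -j ACCEPT")
        # Anything that is not an ensemble peer cannot reach this port.
        rules.append(f"iptables -A INPUT -p tcp --dport {port} -j DROP")
    return rules


if __name__ == "__main__":
    print("\n".join(firewall_rules(SAMPLE_CFG, 1)))
```

The generated commands are printed for review, not executed; the client port (2181 in the sample) is left untouched because clients still need to reach it.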