[jira] [Updated] (AMBARI-20018) Document security issue related to setting security.agent.hostname.validate to false

Robert Levas (JIRA) Wed, 15 Feb 2017 07:01:26 -0800

     [ 
https://issues.apache.org/jira/browse/AMBARI-20018?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Robert Levas updated AMBARI-20018:
----------------------------------
    Attachment: AMBARI-20018_trunk_02.patch
                AMBARI-20018_branch-2.5_02.patch

> Document security issue related to setting security.agent.hostname.validate 
> to false
> ------------------------------------------------------------------------------------
>
>                 Key: AMBARI-20018
>                 URL: https://issues.apache.org/jira/browse/AMBARI-20018
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.4.0
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>             Fix For: 2.5.0
>
>         Attachments: AMBARI-20018_branch-2.5_01.patch, 
> AMBARI-20018_branch-2.5_02.patch, AMBARI-20018_trunk_01.patch, 
> AMBARI-20018_trunk_02.patch
>
>
> Document security issue related to setting security.agent.hostname.validate 
> to "false".
> If set to "false", invalid hostnames may be used in OpenSSL commands used to 
> create the agent-side certificates when 2-way SSL is enabled. This could lead 
> to issues when executing OpenSSL as described in CVE-2014-3582. See 
> https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

[jira] [Updated] (AMBARI-20018) Document security issue related to setting security.agent.hostname.validate to false

Reply via email to