Download
| Alert*
|
oval:org.secpod.oval:def:111830
ZooKeeper is a centralized service for maintaining configuration information, naming, providing distributed synchronization, and providing group services. oval:org.secpod.oval:def:111819 ZooKeeper is a centralized service for maintaining configuration information, naming, providing distributed synchronization, and providing group services. oval:org.secpod.oval:def:1900099 No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader. oval:org.secpod.oval:def:53339 It was discovered that Zookeeper, a service for maintaining configuration information, enforced no authentication/authorisation when a server attempts to join a Zookeeper quorum. This update backports authentication support. Additional configuration steps are needed, please see https://cwiki.apache. ... oval:org.secpod.oval:def:1900804 Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from this issue, fixed in 3.4.10, 3.5. ... oval:org.secpod.oval:def:1900923 Buffer overflow in the C cli shell in Apache Zookeeper before 3.4.9 and 3.5.x before 3.5.3, when using the "cmd:" batch mode syntax, allows attackers to have unspecified impact via a long command string. |
