Fixed in Ambari 2.5.0

...

CVE-2017-5642: Ambari Server artifacts do not have proper ACLs

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: 2.4.0 to 2.4.2

Versions Fixed: 2.5.0

Description: During installation, Ambari Server artifacts are not created with proper ACLs.

Mitigation: Ambari users should upgrade to version 2.5.0 or above. Alternatively, users of versions 2.4.0 through 2.4.2 may execute a script provided with version 2.5.0 to correct the ACLs on Ambari Server artifacts.
Proper ACLs are set for installed Ambari artifacts in Ambari versions 2.5.0 and later. Users of versions 2.4.0 through 2.4.2 may execute the script found at https://github.com/apache/ambari/blob/release-2.5.0/ambari-server/src/main/resources/scripts/check_ambari_permissions.py to fix the permissions on Ambari Server artifacts on the Ambari Server host.

Credit: Hortonworks

Fixed in Ambari 2.4.2

...

CVE-2016-6807: Custom commands may be executed without authorization

...