Christoph Anton Mitterer
2017-07-31 13:03:40 UTC
Source: zookeeper
Severity: grave
Tags: security
Justification: user security hole
Hi.
It seems there is a grave permission issue in the zookeeper package,
namely that /var/lib/zookeeper is created world-readable.
Since ZK creates its files word-readable as well, any user on the system
can extract any data stored with ZK, which can easily contain very
sensitive information on the clustered system relying on ZK.
Cheers,
Chris.
Severity: grave
Tags: security
Justification: user security hole
Hi.
It seems there is a grave permission issue in the zookeeper package,
namely that /var/lib/zookeeper is created world-readable.
Since ZK creates its files word-readable as well, any user on the system
can extract any data stored with ZK, which can easily contain very
sensitive information on the clustered system relying on ZK.
Cheers,
Chris.