Re: Two Apache Zookeeper security vulnerabilities

2019-08-13 Thread Xiaoqin Fu
many production systems so that we should protect sensitive information. Thank you very much! Yours sincerely Xiaoqin Fu On Mon, Aug 12, 2019 at 11:45 AM Fangmin Lv wrote: > Agreed with Enrico and Patrick, those informations in log seems not > critical to me, doesn

An Apache Zookeeper Security Vulnerability

2019-08-12 Thread Xiaoqin Fu
ug("Ignoring processTxn failure hdr:" + hdr.getType() + ", error: " + rc.err + ", path: " + rc.path); } .. } In JIRA, it is at https://issues.apache.org/jira/browse/ZOOKEEPER-3504 Please help me confirm it. Thank you very much! Yours sincerely Xiaoqin Fu

Re: Two Apache Zookeeper security vulnerabilities

2019-08-05 Thread Xiaoqin Fu
LcRb1B2epe9cI&m=C_FrvfYh4GtqQesDyKDl4kau6xsDwvLGHAA0IZB9etE&s=mZcIhnGSnLca5JxJbOoKzoTiSuQQZmtyDo_eadoJHcw&e=> Please confirm them and give them CVE IDs. Thank you very much! Yours sincerely Xiaoqin Fu On Mon, Aug 5, 2019 at 6:23 PM Xiaoqin Fu wrote: > Dear Patrick Hunt: >

Apache Zookeeper Bugs

2019-08-01 Thread Xiaoqin Fu
Dear developers: I am a Ph.D. student at Washington State University. I applied dynamic taint analyzer (distTaint) to Apache Zookeeper (version 3.4.11). And then I find several bugs, that exist from 3.4.11-3.4.14 and 3.5.5, from tainted paths: 1. In org.apache.zookeeper.server.ZooKeeperServer: