Hello, In regards to the CVE-2018-8012<https://lists.apache.org/thread.html/c75147028c1c79bdebd4f8fa5db2b77da85de2b05ecc0d54d708b393@%3Cdev.zookeeper.apache.org%3E> advisory posted on Monday, it contains the following statement “Alternatively ensure the ensemble election/quorum communication is protected by a firewall as this will mitigate the issue”.
I just wanted to ask (or hopefully just confirm), does this communication exclusively travel over the “leader election port”? In example configuration files the leader election port (see server.x in the docs<http://zookeeper.apache.org/doc/current/zookeeperAdmin.html#sc_configuration>) is typically defined to be port 3888. server.1=zoo1:2888:3888 server.2=zoo2:2888:3888 server.3=zoo3:2888:3888 Thanks [cid:[email protected]] Philip Lowman Sr. Software Security Engineer WorkForce Software | 38705 Seven Mile Road, Livonia, MI 48152 T: +1 734-742-3610 | E: [email protected]<mailto:[email protected]> This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged, confidential or otherwise legally exempt from disclosure. If you are not the named addressee, or have been inadvertently and erroneously referenced in the address line, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. (ID m031214)
