Bug 1041963 (CVE-2017-9270)

Summary: VUL-0: CVE-2017-9270: cryptctl: post-auth arbitrary file write on cryptctl server
Product: [Novell Products] SUSE Security Incidents Reporter: Sebastian Krahmer <krahmer>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: hguo, meissner
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard: CVSSv3:SUSE:CVE-2017-9270:8.7:(AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N) CVSSv2:SUSE:CVE-2017-9270:7.9:(AV:N/AC:M/Au:S/C:C/I:C/A:N)
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Sebastian Krahmer 2017-05-31 13:04:17 UTC
Cryptctl allows to write to arbitrary files. Please see


Its necessary to know the password to connect to the server,
and the password is not stored on the clients. So this is not as
severe as I first thought.

The review is not yet finished, as cryptctl will get
redesigned (probably based on KMIP). This issue should however be fixed
for released products.
Comment 1 Howard Guo 2017-07-07 14:23:54 UTC
See May changelog entry of cryptctl version 2 that addressed this issue in SP3:

Patch for SP2 has been queued for release since a month ago:
Comment 2 Marcus Meissner 2017-07-10 08:43:20 UTC
Howard, this is your tool right? WHere is the git for it?
Comment 3 Howard Guo 2017-07-10 08:45:12 UTC
Over here:

Comment 4 Swamp Workflow Management 2017-07-14 19:11:16 UTC
SUSE-SU-2017:1865-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1041963
CVE References: CVE-2017-9270
Sources used:
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    cryptctl-1.2.6-5.3.11
Comment 5 Marcus Meissner 2017-10-25 19:12:11 UTC