Bug 1041963 (CVE-2017-9270)

Summary: VUL-0: CVE-2017-9270: cryptctl: post-auth arbitrary file write on cryptctl server
Product: [Novell Products] SUSE Security Incidents
Reporter: Sebastian Krahmer <krahmer>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: hguo, meissner
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
Whiteboard: CVSSv3:SUSE:CVE-2017-9270:8.7:(AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N) CVSSv2:SUSE:CVE-2017-9270:7.9:(AV:N/AC:M/Au:S/C:C/I:C/A:N)
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Sebastian Krahmer 2017-05-31 13:04:17 UTC
Cryptctl allows writing to arbitrary files. Please see

https://bugzilla.suse.com/show_bug.cgi?id=1030468#c5

It's necessary to know the password to connect to the server,
and the password is not stored on the clients. So this is not as
severe as I first thought.

The review is not yet finished, as cryptctl will get
redesigned (probably based on KMIP). This issue should however be fixed
for released products.
Comment 1 Howard Guo 2017-07-07 14:23:54 UTC
See May changelog entry of cryptctl version 2 that addressed this issue in SP3:
https://build.suse.de/package/view_file/SUSE:SLE-12-SP3:GA/cryptctl/cryptctl.changes?expand=1

Patch for SP2 has been queued for release for a month:
https://build.suse.de/project/show/SUSE:Maintenance:4827
Comment 2 Marcus Meissner 2017-07-10 08:43:20 UTC
Howard, this is your tool, right? Where is the git for it?
Comment 3 Howard Guo 2017-07-10 08:45:12 UTC
Over here:

https://github.com/HouzuoGuo/cryptctl
Comment 4 Swamp Workflow Management 2017-07-14 19:11:16 UTC
SUSE-SU-2017:1865-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1041963
CVE References: CVE-2017-9270
Sources used:
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    cryptctl-1.2.6-5.3.11
Comment 5 Marcus Meissner 2017-10-25 19:12:11 UTC
released