Bug 1041963 - (CVE-2017-9270) VUL-0: CVE-2017-9270: cryptctl: post-auth arbitrary file write on cryptctl server
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Hardware: Other Other
Priority: P3 - Medium  Severity: Normal
Target Milestone: ---
Assigned To: Security Team bot
Depends on:
Reported: 2017-05-31 13:04 UTC by Sebastian Krahmer
Modified: 2018-03-01 10:51 UTC (History)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Sebastian Krahmer 2017-05-31 13:04:17 UTC
Cryptctl allows writing to arbitrary files. Please see


It's necessary to know the password to connect to the server,
and the password is not stored on the clients. So this is not as
severe as I first thought.

The review is not yet finished, as cryptctl will get
redesigned (probably based on KMIP). This issue should however be fixed
for released products.
Comment 1 Howard Guo 2017-07-07 14:23:54 UTC
See the May changelog entry of cryptctl version 2 that addressed this issue in SP3:

The patch for SP2 was queued for release a month ago:
Comment 2 Marcus Meissner 2017-07-10 08:43:20 UTC
Howard, this is your tool, right? Where is the git for it?
Comment 3 Howard Guo 2017-07-10 08:45:12 UTC
Over here:

Comment 4 Swamp Workflow Management 2017-07-14 19:11:16 UTC
SUSE-SU-2017:1865-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1041963
CVE References: CVE-2017-9270
Sources used:
SUSE Linux Enterprise Server for SAP 12-SP2 (src): cryptctl-1.2.6-5.3.11
Comment 5 Marcus Meissner 2017-10-25 19:12:11 UTC