Bug 1041963 - (CVE-2017-9270) VUL-0: CVE-2017-9270: cryptctl: post-auth arbitrary file write on cryptctl server
(CVE-2017-9270)
VUL-0: CVE-2017-9270: cryptctl: post-auth arbitrary file write on cryptctl se...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
CVSSv3:SUSE:CVE-2017-9270:8.7:(AV:N/A...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-05-31 13:04 UTC by Sebastian Krahmer
Modified: 2018-03-01 10:51 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sebastian Krahmer 2017-05-31 13:04:17 UTC
Cryptctl allows to write to arbitrary files. Please see

https://bugzilla.suse.com/show_bug.cgi?id=1030468#c5

Its necessary to know the password to connect to the server,
and the password is not stored on the clients. So this is not as
severe as I first thought.

The review is not yet finished, as cryptctl will get
redesigned (probably based on KMIP). This issue should however be fixed
for released products.
Comment 1 Howard Guo 2017-07-07 14:23:54 UTC
See May changelog entry of cryptctl version 2 that addressed this issue in SP3:
https://build.suse.de/package/view_file/SUSE:SLE-12-SP3:GA/cryptctl/cryptctl.changes?expand=1

Patch for SP2 has been queued for release since a month ago:
https://build.suse.de/project/show/SUSE:Maintenance:4827
Comment 2 Marcus Meissner 2017-07-10 08:43:20 UTC
Howard, this is your tool right? WHere is the git for it?
Comment 3 Howard Guo 2017-07-10 08:45:12 UTC
Over here:

https://github.com/HouzuoGuo/cryptctl
Comment 4 Swamp Workflow Management 2017-07-14 19:11:16 UTC
SUSE-SU-2017:1865-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1041963
CVE References: CVE-2017-9270
Sources used:
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    cryptctl-1.2.6-5.3.11
Comment 5 Marcus Meissner 2017-10-25 19:12:11 UTC
released