Bugzilla – Bug 1171658
VUL-1: CVE-2020-12831: frr: default permission issue eases information leaks
Last modified: 2020-06-04 12:02:45 UTC
CVE-2020-12831 Description of problem: By default, frr creates empty configuration files, however unfortunately with too wide permissions: As per http://docs.frrouting.org/en/latest/bgp.html, /etc/frr/bgpd.conf is also meant to contain the BGP password for peerings/sessions, thus proper default permissions should be applied by frr when even creating this file for administrator convenience. Otherwise information leaks are eased. Version-Release number of selected component (if applicable): frr-7.0-5.el8.x86_64 How reproducible: See above and below. Steps to Reproduce: 1. dnf install frr 2. sed -e 's/^zebra=no/zebra=yes/' -e 's/^bgpd=no/bgpd=yes/' -i /etc/frr/daemons 3. systemctl start frr.service 4. ls -l /etc/frr/bgpd.conf -rw-r--r--. 1 frr frr 0 May 4 01:07 /etc/frr/bgpd.conf 5. ls -ld /etc/frr/ drwxr-xr-x. 2 frr frr 4096 May 4 01:07 /etc/frr/ Actual results: World-readable /etc/frr/bgpd.conf by default. Expected results: /etc/frr/bgpd.conf should be maybe 640 by default. Additional info: I did not investigate whether this is an upstream or a downstream issue, given frr.service seems to be built on an old initscript (/usr/lib/frr/frr) rather being a modern systemd unit. References: https://bugzilla.redhat.com/show_bug.cgi?id=1830805 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12831
Only in TW. The fix is available at [1] [1] https://github.com/FRRouting/frr/pull/6383/commits/5c9063771195bb51a8cc1c64f9924e53a0602817
Applied the commit and submitted to Factory: https://build.opensuse.org/request/show/810509
Request has been approved.