920926 – (CVE-2015-3010) VUL-0: CVE-2015-3010: ceph-deploy: keyring permissions are world readable in ~ceph

Bug 920926 (CVE-2015-3010) - VUL-0: CVE-2015-3010: ceph-deploy: keyring permissions are world readable in ~ceph

Summary: VUL-0: CVE-2015-3010: ceph-deploy: keyring permissions are world readable in ...

Status:	RESOLVED FIXED

Alias:	CVE-2015-3010

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P2 - High Severity: Critical
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2015-03-05 17:30 UTC by Andreas Stieger
Modified:	2016-04-27 18:22 UTC (History)
CC List:	6 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Andreas Stieger 2015-03-05 17:30:47 UTC

After execution of ceph-deploy, ~ceph/ceph.client.admin.keyring has mode 644 owned by ceph:users. The Key is a pre-shared key matching the one in /etc/ceph/ceph.clkient.admin.keyring on each non-admin node.

The attack scenario here is obviously if the user follows the documented ceph-deploy procedure by creating a dedicated admin user, he will create keys readable to all other (non-admin) users as well, thus leaking authentication credentials.

Could you check if this is an issue?

Comment 4 Owen Synge 2015-03-17 09:13:10 UTC

I have made a simple patch for us.

Sadly patch does not cleanly apply to upstream but the code logic is unchanged.

Comment 5 Owen Synge 2015-03-17 13:24:51 UTC

Made upstream pull request.

https://github.com/ceph/ceph-deploy/pull/266

Also resolved in storage 1:0 release.

Comment 6 Owen Synge 2015-03-18 12:11:05 UTC

Done

Comment 8 Andreas Stieger 2015-03-24 14:05:48 UTC

Upstream commit:

https://github.com/ceph/ceph-deploy/commit/eee56770393bf19ed2dd5389226c6190c08dee3f

Comment 9 Owen Synge 2015-04-08 11:15:18 UTC

Closed

Comment 11 Andreas Stieger 2015-06-01 08:25:23 UTC

bug 933028 (CVE-2015-4053) came up and should be added to this update.

Comment 12 Nathan Cutler 2015-06-01 11:14:35 UTC

Upstream merged Owen's patch in https://github.com/ceph/ceph-deploy/pull/272

Comment 13 Swamp Workflow Management 2015-06-23 14:01:38 UTC

SUSE-SU-2015:1102-1: An update that solves three vulnerabilities and has 12 fixes is now available.

Category: security (moderate)
Bug References: 889053,903007,907510,915567,915783,919091,919313,919965,920926,924269,924894,927862,929553,929886,929914
CVE References: CVE-2014-3589,CVE-2014-3598,CVE-2015-3010
Sources used:
SUSE Enterprise Storage 1.0 (src):    calamari-clients-1.2.2+git.1428648634.40dfe5b-3.1, ceph-0.80.9-5.1, ceph-deploy-1.5.19+git.1431355031.6178cf3-9.1, python-Pillow-2.7.0-4.1, python-djangorestframework-2.3.12-4.2

Comment 14 Andreas Stieger 2015-08-17 12:50:13 UTC

released