Bug 1131680 (CVE-2014-3602)

Summary: CVE-2014-3602 OpenShift: /proc/net/tcp information disclosure
Product: [Other] Security Response Reporter: Kurt Seifried <kseifried>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: bleanhar, ccoleman, dmcphers, erich, jdetiber, jhonce, jialiu, jkeck, jokerman, jrusnack, kseifried, lmeyer, miguel, mmccomas, mmcgrath, pablo.iranzo, pep, rchopra
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
It was found that OpenShift Enterprise did not restrict access to the /proc/net/tcp file in gears, which allowed local users to view all listening connections and connected sockets. This could result in remote system's IP or port numbers in use to be exposed, which may be useful for further targeted attacks.
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-01-17 04:38:05 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1131804, 1151561, 1165395    
Bug Blocks: 1024531, 767033, 1131681, 1148171    

Description Kurt Seifried 2014-08-19 19:49:43 UTC
OpenShift fails to restrict access to /proc/net/tcp which allows local users 
to view all listening connections and connected sockets. This can result in
remote systems IP/port numbers in use being exposed which may be useful for 
further targeted attacks. Please note that for local listeners OpenShift 
restricts connections to within the cartridge by default, so even with the 
knowledge of the local port and ip the attacker will not be able to connect.

Comment 4 Kurt Seifried 2014-08-20 16:41:48 UTC
*** Bug 817596 has been marked as a duplicate of this bug. ***

Comment 5 Kurt Seifried 2014-09-29 21:46:00 UTC
*** Bug 1147598 has been marked as a duplicate of this bug. ***

Comment 10 errata-xmlrpc 2014-11-03 19:54:46 UTC
This issue has been addressed in the following products:

  RHEL 6 Version of OpenShift Enterprise 2.2

Via RHSA-2014:1796 https://rhn.redhat.com/errata/RHSA-2014-1796.html

Comment 14 Martin Prpič 2014-11-19 10:27:52 UTC
IssueDescription:

It was found that OpenShift Enterprise did not restrict access to the /proc/net/tcp file in gears, which allowed local users to view all listening connections and connected sockets. This could result in remote system's IP or port numbers in use to be exposed, which may be useful for further targeted attacks.

Comment 15 errata-xmlrpc 2014-11-25 18:19:29 UTC
This issue has been addressed in the following products:

  RHEL 6 Version of OpenShift Enterprise 2.1

Via RHSA-2014:1906 https://rhn.redhat.com/errata/RHSA-2014-1906.html