Bug 1233520 (CVE-2015-3248)

Summary: CVE-2015-3248 openhpi: world writable /var/lib/openhpi directory
Product: [Other] Security Response Reporter: Kurt Seifried <kseifried>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: dan, pknirsch, rdossant, rvokal
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
It was found that the "/var/lib/openhpi" directory provided by OpenHPI used world-writeable and world-readable permissions. A local user could use this flaw to view, modify, and delete OpenHPI-related data, or even fill up the storage device hosting the /var/lib directory.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2015-11-20 05:03:57 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1063367, 1233521, 1258729    
Bug Blocks: 1210268, 1233522, 1297459    

Description Kurt Seifried 2015-06-19 05:40:20 UTC 
openhpi ships with the /var/lib/openhpi/ directory set world readable and 
writeable. If this directory is used for storing the OPENHPI_UID_MAP or other
openhpi data for example an attacker would be able to view, modify and delete 
it. Even without such usage an attacker could use it to fill up the storage
hosting the /var/lib/ directory if quotas are not properly set.
Comment 1 Kurt Seifried 2015-06-19 05:41:43 UTC 
Created openhpi tracking bugs for this issue:

Affects: fedora-all [bug 1233521]
Comment 3 Kurt Seifried 2015-11-17 17:37:44 UTC 
Acknowledgement:

This issue was discovered by Marko Myllynen of Red Hat.
Comment 4 errata-xmlrpc 2015-11-19 12:09:56 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2015:2369 https://rhn.redhat.com/errata/RHSA-2015-2369.html
Comment 5 Huzaifa S. Sidhpurwala 2015-11-20 05:03:57 UTC 
Statement:

This issue affects the version of openhpi as shipped with Red Hat Enterprise Linux 5 and 6. This issue has been rated as having Low security impact and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 5 and 6.
Comment 6 Huzaifa S. Sidhpurwala 2016-03-14 08:55:01 UTC 
*** Bug 1297458 has been marked as a duplicate of this bug. ***