Bug 1914379 (CVE-2021-20179)

Summary: CVE-2021-20179 pki-core: Unprivileged users can renew any certificate
Product: [Other] Security Response Reporter: Cedric Buissart <cbuissar>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: abokovoy, alee, alexander.m.scheel, cfu, dsirrine, edewata, jmagne, kwright, mharmsen, mkdineshprasanth, rhcs-maint, security-response-team
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: pki-core 10.5, pki-core 10.8, pki-core 10.9, pki-core 10.10, pki-core 10.11 Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity.
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-03-15 17:25:51 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1914387, 1914394, 1914395, 1914396, 1916327, 1916376, 1916377, 1934282, 1934283, 1938207    
Bug Blocks: 1914363, 1938322    

Description Cedric Buissart 2021-01-08 17:08:03 UTC
It was found that an unprivileged user can renew a certificate.

An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked.

References:

https://github.com/dogtagpki/pki/pull/3478 
https://github.com/dogtagpki/pki/pull/3477 
https://github.com/dogtagpki/pki/pull/3476 
https://github.com/dogtagpki/pki/pull/3475 
https://github.com/dogtagpki/pki/pull/3474

Comment 6 Cedric Buissart 2021-01-11 17:54:52 UTC
Acknowledgments:

Name: Fraser Tweedale, Geetika Kapoor

Comment 14 Cedric Buissart 2021-03-12 13:23:27 UTC
Created pki-core tracking bugs for this issue:

Affects: fedora-all [bug 1938207]

Comment 16 errata-xmlrpc 2021-03-15 13:26:09 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Extended Update Support

Via RHSA-2021:0819 https://access.redhat.com/errata/RHSA-2021:0819

Comment 17 Product Security DevOps Team 2021-03-15 17:25:51 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-20179

Comment 18 errata-xmlrpc 2021-03-16 13:48:21 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:0851 https://access.redhat.com/errata/RHSA-2021:0851

Comment 19 errata-xmlrpc 2021-03-23 10:54:59 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:0966 https://access.redhat.com/errata/RHSA-2021:0966

Comment 20 errata-xmlrpc 2021-03-23 16:46:59 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.7 Extended Update Support

Via RHSA-2021:0975 https://access.redhat.com/errata/RHSA-2021:0975

Comment 21 errata-xmlrpc 2021-04-20 09:49:29 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2021:1263 https://access.redhat.com/errata/RHSA-2021:1263