Bug 1105713 (CVE-2014-3251) - CVE-2014-3251 mcollective: aes_security.rb file creation vulnerability
Summary: CVE-2014-3251 mcollective: aes_security.rb file creation vulnerability
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2014-3251
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1118889 1161821 1161822 1161823 1161824
Blocks: 1105714
TreeView+ depends on / blocked
 
Reported: 2014-06-06 19:16 UTC by Kurt Seifried
Modified: 2021-02-17 06:30 UTC (History)
14 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2014-11-08 04:40:14 UTC
Embargoed:

Attachments (Terms of Use)
mcollective-2.5.2-flaw-in-aes_security.patch (14.31 KB, patch)
2014-07-10 06:06 UTC, Kurt Seifried 		no flags Details | Diff
View All

Description Kurt Seifried 2014-06-06 19:16:52 UTC 
Mark Chappell of Red Hat reports:

When configured to automatically discover and store certificates the 
aes_security plugin relies on the file name of the SSL certificate as stored 
on the client rather than any of the information in the SSL certificate when 
creating the file to store the certificate in. Due to a lack of checks in
aes_security.rb this allows arbitrary files to be created.
Comment 1 Kurt Seifried 2014-07-10 06:00:25 UTC 
A planned disclosure date, Tuesday, July 15, 2014, at 14:30 UTC has been set, please note that this may change.
Comment 2 Kurt Seifried 2014-07-10 06:06:52 UTC 
Created attachment 916998 [details]
mcollective-2.5.2-flaw-in-aes_security.patch
Comment 4 Kurt Seifried 2014-11-08 04:40:14 UTC 
Statement:

Red Hat OpenShift Enterprise 2 is now in Production 1 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat OpenShift Enterprise 2 Life Cycle: https://access.redhat.com/support/policy/updates/openshift.
Comment 5 Kurt Seifried 2014-11-08 04:41:08 UTC 
Created mcollective tracking bugs for this issue:

Affects: epel-5 [bug 1161821]
Comment 6 Kurt Seifried 2014-11-08 04:41:20 UTC 
Created mcollective tracking bugs for this issue:

Affects: epel-6 [bug 1161822]
Comment 7 Kurt Seifried 2014-11-08 04:41:37 UTC 
Created mcollective tracking bugs for this issue:

Affects: epel-7 [bug 1161823]
Comment 8 Kurt Seifried 2014-11-08 04:41:51 UTC 
Created mcollective tracking bugs for this issue:

Affects: fedora-all [bug 1161824]
Comment 9 Eric Christensen 2015-06-04 20:09:09 UTC 
Is it appropriate to go ahead and close the tracking bugs on this ticket?
Comment 10 Kurt Seifried 2015-06-11 21:03:04 UTC 
It's wontfix for Red Hat, Fedora/EPEL may choose to rebase so we leave the trackers open for them.
Note You need to log in before you can comment on or make changes to this bug.