Bug 1216073 (CVE-2015-3156) - CVE-2015-3156 openstack-trove: multiple insecure /tmp file usage issues
Summary: CVE-2015-3156 openstack-trove: multiple insecure /tmp file usage issues
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2015-3156
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1247447 1247448
Blocks: 1216080
Reported: 2015-04-28 12:51 UTC by Vasyl Kaigorodov
Modified: 2021-02-17 05:21 UTC (History)
CC: 19 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-07-28 03:12:27 UTC
Embargoed:


Description Vasyl Kaigorodov 2015-04-28 12:51:03 UTC
Michael Scherer of Red Hat reported multiple issues in OpenStack Trove where temporary files are used in an insecure way in different modules:

  trove: MongoDB datastore module in guestagent insecure /tmp file usage in _write_config()
  https://github.com/openstack/trove/blob/master/trove/guestagent/datastore/experimental/mongodb/service.py#L176

  trove: PostgreSQL datastore module in guestagent insecure /tmp file usage in reset_configuration()
  https://github.com/openstack/trove/blob/master/trove/guestagent/datastore/experimental/postgresql/service/config.py#L70

  trove: Redis datastore module in guestagent insecure /tmp file usage in write_config()
  https://github.com/openstack/trove/blob/master/trove/guestagent/datastore/experimental/redis/service.py#L236

  trove: MySQL datastore module in guestagent insecure /tmp file usage in _write_mycnf()
  https://github.com/openstack/trove/blob/master/trove/guestagent/datastore/mysql/service.py#L790

  trove: MySQL restore strategy in guestagent insecure /tmp file usage in InnoBackupEx::_run_prepare()
  https://github.com/openstack/trove/blob/master/trove/guestagent/strategies/restore/mysql_impl.py#L194

  trove: MySQL backup strategy in guestagent insecure /tmp file usage in InnoBackupEx::cmd()
  https://github.com/openstack/trove/blob/master/trove/guestagent/strategies/backup/mysql_impl.py#L55

  trove: MySQL backup strategy in guestagent insecure /tmp file usage in MySQLDump::cmd()
  https://github.com/openstack/trove/blob/master/trove/guestagent/strategies/backup/mysql_impl.py#L36

  trove: MySQL backup strategy in guestagent insecure /tmp file usage in InnoBackupExIncremental::cmd()
  https://github.com/openstack/trove/blob/master/trove/guestagent/strategies/backup/mysql_impl.py#L110

  trove: Cassandra datastore module insecure /tmp file usage in _get_actual_db_status()
  https://github.com/openstack/trove/blob/master/trove/guestagent/datastore/experimental/cassandra/system.py#L33
  https://github.com/openstack/trove/blob/master/trove/guestagent/datastore/experimental/cassandra/service.py#L230

  trove: Couchbase backup strategy insecure /tmp file usage in multiple class CbBackup methods
  https://github.com/openstack/trove/blob/master/trove/guestagent/strategies/backup/experimental/couchbase_impl.py#L30
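The pattern behind every item above is the same: a guest-agent routine writes configuration or backup data to a fixed, predictable name under the shared /tmp directory with the process umask deciding who else can read it. The following is an added illustration, not code from Trove or from this report: the predictable-path write beside the mkstemp-based form that upstream-style fixes use, plus a small audit check a reviewer can run on a temp file before trusting it. Function names (write_config_predictable, write_config_private, temp_file_is_private, demo) and the "[mysqld]" sample content are constructed for the example.

```python
"""Added example, not Trove's code: contrast an insecure fixed-name /tmp write
with a private mkstemp-based write, and audit the result."""
import os
import stat
import tempfile


def write_config_predictable(content, path):
    """Insecure pattern (the class of issue CVE-2015-3156 describes):
    a fixed, world-known path, opened with plain open(). Any file or
    symlink already present at that name is followed and overwritten,
    and the file lands with umask-derived permissions (0644 by default)."""
    with open(path, "w") as f:
        f.write(content)
    return path


def write_config_private(content, dest_dir=None):
    """Hardened pattern: tempfile.mkstemp creates the file with
    O_CREAT|O_EXCL and mode 0600 under an unpredictable name, so a
    pre-planted file or symlink cannot be reused and other local users
    cannot read the contents while the file sits in the temp directory."""
    fd, path = tempfile.mkstemp(prefix="trove-cfg-", suffix=".cnf", dir=dest_dir)
    try:
        with os.fdopen(fd, "w") as f:
            f.write(content)
            f.flush()
            os.fsync(f.fileno())
    except BaseException:
        os.unlink(path)
        raise
    return path


def temp_file_is_private(path):
    """Audit check: return a list of findings (empty means the file is
    safe to treat as ours). Uses lstat so a symlink is reported as such
    rather than silently followed."""
    findings = []
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        findings.append("symlink")
    elif not stat.S_ISREG(st.st_mode):
        findings.append("not a regular file")
    if st.st_uid != os.geteuid():
        findings.append("owned by another user")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("group/other permission bits set")
    return findings


def demo():
    """Run both patterns in a throwaway directory (constructed, not /tmp
    itself) and return the audit findings for each."""
    work = tempfile.mkdtemp(prefix="trove-demo-")
    old_umask = os.umask(0o022)  # the usual default umask on a guest VM
    try:
        fixed = write_config_predictable("[mysqld]\n", os.path.join(work, "my.cnf"))
        private = write_config_private("[mysqld]\n", work)
    finally:
        os.umask(old_umask)
    result = {
        "predictable": temp_file_is_private(fixed),
        "private": temp_file_is_private(private),
        "private_name_is_random": not private.endswith("my.cnf"),
    }
    for p in (fixed, private):
        os.unlink(p)
    os.rmdir(work)
    return result


if __name__ == "__main__":
    print(demo())
```

With the default umask the predictable write is flagged for its group/other permission bits, while the mkstemp file passes every check; the remaining step in a real agent is to move the private file into place with a rename rather than copying its contents through another shared path.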

Comment 1 Vasyl Kaigorodov 2015-04-30 14:54:54 UTC
Upstream does not consider this a security issue, from https://bugs.launchpad.net/trove/+bug/1398195 :

Due to the need for access to the instance filesystem and the limited exposure (basically anyone with shell access to a Trove instance is going to be the administrator of the infrastructure on which it's running) along with the fact that it's only slated to be fixed in the master branch for inclusion in the upcoming Kilo release, the VMT will not be publishing a security advisory nor requesting a CVE for this bug.

Comment 3 Garth Mollett 2015-07-28 03:11:47 UTC
Created openstack-trove tracking bugs for this issue:

Affects: fedora-all [bug 1247447]
Affects: openstack-rdo [bug 1247448]
