1325934 – (CVE-2016-3108) CVE-2016-3108 pulp: Insecure temporary file used when generating certificate for Pulp Nodes

Bug 1325934 (CVE-2016-3108) - CVE-2016-3108 pulp: Insecure temporary file used when generating certificate for Pulp Nodes

Summary: CVE-2016-3108 pulp: Insecure temporary file used when generating certificate ...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2016-3108
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1326913 1326919
Blocks:	1325942
TreeView+	depends on / blocked

Reported:	2016-04-11 12:53 UTC by Adam Mariš
Modified:	2021-04-06 17:58 UTC (History)
CC List:	21 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	It was found that the private key for the node certificate was contained in a world-readable temporary file. A local user could possibly use this flaw to gain access to the private key information in the temporary file.
Clone Of:
Environment:
Last Closed:	2016-09-19 19:02:46 UTC
Embargoed:

Attachments	(Terms of Use)
Proposed patch (1.99 KB, patch) 2016-04-11 12:54 UTC, Adam Mariš	no flags	Details \| Diff
Proposed patch (2.06 KB, patch) 2016-04-12 14:32 UTC, Randy Barlow	no flags	Details \| Diff
Show Obsolete (1) View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Pulp Redmine	1842	0	Low	CLOSED - WORKSFORME	Test Redmine's Bugzilla Integration	2016-04-13 19:57:28 UTC

Description Adam Mariš 2016-04-11 12:53:28 UTC

It was reported that pulp-gen-nodes-certificate script uses insecurely created temporary files for storing the generated node certificates, allowing local attackers to leak the keys or overwrite arbitrary file via symlink.

Comment 1 Adam Mariš 2016-04-11 12:53:37 UTC

Acknowledgments:

Name: Jeremy Cline (Red Hat), Sander Bos

Comment 2 Adam Mariš 2016-04-11 12:54:14 UTC

Created attachment 1145990 [details]
Proposed patch

Comment 3 Randy Barlow 2016-04-12 14:32:48 UTC

Created attachment 1146475 [details]
Proposed patch

I am attaching a revised version of the patch that removes the unneeded umask statement, and credits jcline in the commit message.

Comment 4 Randy Barlow 2016-04-13 16:52:53 UTC

This is reported upstream as #1830 and is fixed by PR #2528:

https://pulp.plan.io/issues/1830
https://github.com/pulp/pulp/pull/2528

Comment 7 pulp-infra@redhat.com 2016-04-13 19:57:29 UTC

The Pulp upstream bug status is at CLOSED - WORKSFORME. Updating the external tracker on this bug.

Comment 8 pulp-infra@redhat.com 2016-04-13 19:57:35 UTC

The Pulp upstream bug priority is at Low. Updating the external tracker on this bug.

Comment 9 Kurt Seifried 2016-09-19 19:02:46 UTC

This issue has been addressed in the following products:

  Red Hat Satellite 6.2

Via RHSA-2016:1501

Note You need to log in before you can comment on or make changes to this bug.

bkearney
bmbouter
cbillett
daviddavis
dkliban
ggainey
ipanova
jcline
jmatthew
mhrivnak
mmccune
ohadlevy
pcreech
rbarlow
rchan
sean.myers
security-response-team
tjay
tlestach
tsanders
ttereshc