1233520 – (CVE-2015-3248) CVE-2015-3248 openhpi: world writable /var/lib/openhpi directory

Bug 1233520 (CVE-2015-3248) - CVE-2015-3248 openhpi: world writable /var/lib/openhpi directory

Summary: CVE-2015-3248 openhpi: world writable /var/lib/openhpi directory

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2015-3248
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	1297458 (view as bug list)
Depends On:	1063367 1233521 1258729
Blocks:	1210268 1233522 1297459
TreeView+	depends on / blocked

Reported:	2015-06-19 05:40 UTC by Kurt Seifried
Modified:	2023-05-12 18:23 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	It was found that the "/var/lib/openhpi" directory provided by OpenHPI used world-writeable and world-readable permissions. A local user could use this flaw to view, modify, and delete OpenHPI-related data, or even fill up the storage device hosting the /var/lib directory.
Clone Of:
Environment:
Last Closed:	2015-11-20 05:03:57 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2015:2369	0	normal	SHIPPED_LIVE	Low: openhpi security, bug fix, and enhancement update	2015-11-19 10:41:44 UTC

Description Kurt Seifried 2015-06-19 05:40:20 UTC

openhpi ships with the /var/lib/openhpi/ directory set world readable and 
writeable. If this directory is used for storing the OPENHPI_UID_MAP or other
openhpi data for example an attacker would be able to view, modify and delete 
it. Even without such usage an attacker could use it to fill up the storage
hosting the /var/lib/ directory if quotas are not properly set.

Comment 1 Kurt Seifried 2015-06-19 05:41:43 UTC

Created openhpi tracking bugs for this issue:

Affects: fedora-all [bug 1233521]

Comment 3 Kurt Seifried 2015-11-17 17:37:44 UTC

Acknowledgement:

This issue was discovered by Marko Myllynen of Red Hat.

Comment 4 errata-xmlrpc 2015-11-19 12:09:56 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2015:2369 https://rhn.redhat.com/errata/RHSA-2015-2369.html

Comment 5 Huzaifa S. Sidhpurwala 2015-11-20 05:03:57 UTC

Statement:

This issue affects the version of openhpi as shipped with Red Hat Enterprise Linux 5 and 6. This issue has been rated as having Low security impact and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 5 and 6.

Comment 6 Huzaifa S. Sidhpurwala 2016-03-14 08:55:01 UTC

*** Bug 1297458 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.