Issue #1834

CVE-2016-3112: Pulp consumer private keys are world-readable

Added by jcline@redhat.com over 3 years ago. Updated 4 months ago.

Status: CLOSED - CURRENTRELEASE
Priority: High
Category: -
Sprint/Milestone: -
Start date:
Due date:
Severity: 1. Low
Version:
Platform Release: 2.8.3
Blocks Release:
OS:
Backwards Incompatible: No
Triaged: Yes
Groomed: No
Sprint Candidate: No
Tags: Pulp 2
QA Contact:
Complexity:
Smash Test:
Verified: No
Verification Required: No
Sprint:

Description

Pulp consumers write the certificate and private key issued by the Pulp server's registration process to /etc/pki/pulp/consumer/consumer-cert.pem with 644 permissions, which allowed anyone on the host to read the private key.

This means a non-privileged user on the host could authenticate with the Pulp server as the consumer.
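The permission problem described above, as an added example that is not Pulp's code and not the change made in revision 707a39cb. The function names `write_default`, `write_private` and `exposed_bits` are hypothetical, and the sketch goes one step beyond the description by also handling a file that already exists with 644 permissions.

```python
import os
import stat
import tempfile


def write_default(path, data):
    """Pre-fix pattern: the mode comes from the umask (0644 under umask 022)."""
    with open(path, "wb") as fp:
        fp.write(data)


def write_private(path, data):
    """Write key material so group/other can never read it, even briefly."""
    directory = os.path.dirname(path) or "."
    # mkstemp creates the file with mode 0600 regardless of the umask.
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".consumer-cert.")
    try:
        with os.fdopen(fd, "wb") as fp:
            fp.write(data)
            fp.flush()
            os.fsync(fp.fileno())
        # Atomic rename: replaces a 0644 file left behind by an older client
        # instead of writing the new key into it with the old mode.
        os.replace(tmp, path)
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise


def exposed_bits(path):
    """Return the group/other permission bits on path; 0 means owner-only."""
    return stat.S_IMODE(os.stat(path).st_mode) & (stat.S_IRWXG | stat.S_IRWXO)


if __name__ == "__main__":
    os.umask(0o022)  # typical default on a consumer host (assumption)
    workdir = tempfile.mkdtemp()
    pem = os.path.join(workdir, "consumer-cert.pem")  # stand-in path
    write_default(pem, b"constructed sample, not a real key\n")
    print("default open():", oct(exposed_bits(pem)))
    write_private(pem, b"constructed sample, not a real key\n")
    print("write_private():", oct(exposed_bits(pem)))
```

`exposed_bits` can also be pointed at an existing /etc/pki/pulp/consumer/consumer-cert.pem to check whether a host still carries a key written before the fix.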

Associated revisions

Revision 707a39cb
Added by Jeremy Cline over 3 years ago

Create consumer private keys with 600 permissions (CVE-2016-3112)

Prior to this commit, consumers wrote the certificate and private key
issued by the Pulp server's registration process to
/etc/pki/pulp/consumer/consumer-cert.pem with 644 permissions, which
allowed anyone on the host to read the private key. This ensures the
file is written with 600 permissions.

https://pulp.plan.io/issues/1834

fixes #1834

Revision e152f9e1
Added by rbarlow over 3 years ago

Add release notes for the upcoming 2.8.3.

re #1827
re #1830
re #1833
re #1834
re #1837

Credit goes to Jeremy Cline for writing the included release notes
for CVE-2016-3111 and CVE-2016-3112.

History

#1 Updated by jcline@redhat.com over 3 years ago

  • Private changed from No to Yes

#2 Updated by jcline@redhat.com over 3 years ago

  • Subject changed from reserved to Pulp consumer private keys are world-readable
  • Description updated (diff)
  • Private changed from Yes to No

#3 Updated by jcline@redhat.com over 3 years ago

  • Status changed from NEW to POST
  • Assignee set to jcline@redhat.com

#4 Updated by semyers over 3 years ago

  • Platform Release set to 2.8.3

#5 Updated by semyers over 3 years ago

  • Subject changed from Pulp consumer private keys are world-readable to CVE-2016-3112: Pulp consumer private keys are world-readable

#6 Updated by Anonymous over 3 years ago

  • Status changed from POST to MODIFIED
  • % Done changed from 0 to 100

#7 Updated by mhrivnak over 3 years ago

  • Priority changed from Normal to High
  • Severity changed from 2. Medium to 1. Low
  • Triaged changed from No to Yes

#8 Updated by semyers over 3 years ago

  • Status changed from MODIFIED to ON_QA

#9 Updated by semyers over 3 years ago

  • Status changed from ON_QA to CLOSED - CURRENTRELEASE

#10 Updated by bmbouter 4 months ago

  • Tags Pulp 2 added
