Project

Profile

Help

Issue #1837

CVE-2016-3111: pulp.spec generates its RSA keys for message signing insecurely

Added by jcline@redhat.com over 4 years ago. Updated 10 months ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
High
Category:
-
Start date:
Due date:
Estimated time:
Severity:
1. Low
Version:
Platform Release:
2.8.3
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Pulp 2
Sprint:
Quarter:

Description

During installation, the RSA key pairs used to validate messages between the pulp server and pulp consumers are generated in a directory that is world-readable with a umask of 002. After it was written, the permissions are modified to protect the key. For a brief moment, the RSA keys are world-readable. An attacker who has access to the host installing Pulp could theoretically open the file after it is created, but before its permissions are set, and read the private key.

Associated revisions

Revision 20955f6f View on GitHub
Added by Jeremy Cline over 4 years ago

pulp.spec now generate RSA keys with umask 077 (CVE-2016-3111)

During installation, the RSA key pairs used to validate messages between the pulp server and pulp consumers were generated in a directory that is world-readable with a umask of 002. After it was written, the permissions were modified to protect the key. For a brief moment, the RSA keys were world-readable. This commit explicitly sets the umask in the %post scriptlet to be 077 so it is only readable to the owner.

https://pulp.plan.io/issues/1837

fixes #1837

Revision 20955f6f View on GitHub
Added by Jeremy Cline over 4 years ago

pulp.spec now generate RSA keys with umask 077 (CVE-2016-3111)

During installation, the RSA key pairs used to validate messages between the pulp server and pulp consumers were generated in a directory that is world-readable with a umask of 002. After it was written, the permissions were modified to protect the key. For a brief moment, the RSA keys were world-readable. This commit explicitly sets the umask in the %post scriptlet to be 077 so it is only readable to the owner.

https://pulp.plan.io/issues/1837

fixes #1837

Revision e152f9e1 View on GitHub
Added by rbarlow over 4 years ago

Add release notes for the upcoming 2.8.3.

re #1827 re #1830 re #1833 re #1834 re #1837

Credit goes to Jeremy Cline for writing the included release notes for CVE-2016-3111 and CVE-2016-3112.

Revision e152f9e1 View on GitHub
Added by rbarlow over 4 years ago

Add release notes for the upcoming 2.8.3.

re #1827 re #1830 re #1833 re #1834 re #1837

Credit goes to Jeremy Cline for writing the included release notes for CVE-2016-3111 and CVE-2016-3112.

History

#1 Updated by jcline@redhat.com over 4 years ago

  • Subject changed from reserved to pulp.spec generates its RSA keys for message signing insecurely
  • Description updated (diff)

#2 Updated by jcline@redhat.com over 4 years ago

  • Private changed from Yes to No

#3 Updated by jcline@redhat.com over 4 years ago

  • Status changed from NEW to POST
  • Assignee set to jcline@redhat.com

#4 Updated by semyers over 4 years ago

  • Platform Release set to 2.8.3

#5 Updated by semyers over 4 years ago

  • Subject changed from pulp.spec generates its RSA keys for message signing insecurely to CVE-2016-3111: pulp.spec generates its RSA keys for message signing insecurely

#6 Updated by Anonymous over 4 years ago

  • Status changed from POST to MODIFIED
  • % Done changed from 0 to 100

#7 Updated by mhrivnak over 4 years ago

  • Priority changed from Normal to High
  • Severity changed from 2. Medium to 1. Low
  • Triaged changed from No to Yes

#8 Updated by semyers over 4 years ago

  • Status changed from MODIFIED to 5

#9 Updated by semyers over 4 years ago

  • Status changed from 5 to CLOSED - CURRENTRELEASE

#10 Updated by bmbouter over 1 year ago

  • Tags Pulp 2 added

Please register to edit this issue

Also available in: Atom PDF