Project

Profile

Help

Issue #1837

closed

CVE-2016-3111: pulp.spec generates its RSA keys for message signing insecurely

Added by jcline@redhat.com over 8 years ago. Updated about 5 years ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
High
Category:
-
Sprint/Milestone:
-
Start date:
Due date:
Estimated time:
Severity:
1. Low
Version:
Platform Release:
2.8.3
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Pulp 2
Sprint:
Quarter:

Description

During installation, the RSA key pairs used to validate messages between the pulp server and pulp consumers are generated in a directory that is world-readable with a umask of 002. After it was written, the permissions are modified to protect the key. For a brief moment, the RSA keys are world-readable. An attacker who has access to the host installing Pulp could theoretically open the file after it is created, but before its permissions are set, and read the private key.

Actions #1

Updated by jcline@redhat.com over 8 years ago

  • Subject changed from reserved to pulp.spec generates its RSA keys for message signing insecurely
  • Description updated (diff)
Actions #2

Updated by jcline@redhat.com over 8 years ago

  • Private changed from Yes to No
Actions #3

Updated by jcline@redhat.com over 8 years ago

  • Status changed from NEW to POST
  • Assignee set to jcline@redhat.com
Actions #4

Updated by semyers over 8 years ago

  • Platform Release set to 2.8.3
Actions #5

Updated by semyers over 8 years ago

  • Subject changed from pulp.spec generates its RSA keys for message signing insecurely to CVE-2016-3111: pulp.spec generates its RSA keys for message signing insecurely

Added by Jeremy Cline over 8 years ago

Revision 20955f6f | View on GitHub

pulp.spec now generate RSA keys with umask 077 (CVE-2016-3111)

During installation, the RSA key pairs used to validate messages between the pulp server and pulp consumers were generated in a directory that is world-readable with a umask of 002. After it was written, the permissions were modified to protect the key. For a brief moment, the RSA keys were world-readable. This commit explicitly sets the umask in the %post scriptlet to be 077 so it is only readable to the owner.

https://pulp.plan.io/issues/1837

fixes #1837

Added by Jeremy Cline over 8 years ago

Revision 20955f6f | View on GitHub

pulp.spec now generate RSA keys with umask 077 (CVE-2016-3111)

During installation, the RSA key pairs used to validate messages between the pulp server and pulp consumers were generated in a directory that is world-readable with a umask of 002. After it was written, the permissions were modified to protect the key. For a brief moment, the RSA keys were world-readable. This commit explicitly sets the umask in the %post scriptlet to be 077 so it is only readable to the owner.

https://pulp.plan.io/issues/1837

fixes #1837

Actions #6

Updated by Anonymous over 8 years ago

  • Status changed from POST to MODIFIED
  • % Done changed from 0 to 100
Actions #7

Updated by mhrivnak over 8 years ago

  • Priority changed from Normal to High
  • Severity changed from 2. Medium to 1. Low
  • Triaged changed from No to Yes

Added by rbarlow over 8 years ago

Revision e152f9e1 | View on GitHub

Add release notes for the upcoming 2.8.3.

re #1827 re #1830 re #1833 re #1834 re #1837

Credit goes to Jeremy Cline for writing the included release notes for CVE-2016-3111 and CVE-2016-3112.

Added by rbarlow over 8 years ago

Revision e152f9e1 | View on GitHub

Add release notes for the upcoming 2.8.3.

re #1827 re #1830 re #1833 re #1834 re #1837

Credit goes to Jeremy Cline for writing the included release notes for CVE-2016-3111 and CVE-2016-3112.

Actions #8

Updated by semyers over 8 years ago

  • Status changed from MODIFIED to 5
Actions #9

Updated by semyers over 8 years ago

  • Status changed from 5 to CLOSED - CURRENTRELEASE
Actions #10

Updated by bmbouter over 5 years ago

  • Tags Pulp 2 added

Also available in: Atom PDF