Issue #1837: CVE-2016-3111: pulp.spec generates its RSA keys for message signing insecurely - Pulp

Agile board
Agile charts

Agile boards

Pulp 2 QE Agile Board
Pulp 2 QE Agile Board - Priority View
Pulp 3 QE Agile Board
Pulp 3 RPM Tests Agile Board
Sprint 112 Agile Board

Custom queries

[All Projects] All Test Trackers
2.21.4 - Next Bugfix Release
2.21.4 MODIFIED
2.21.5
3.14.3
CI/CD
Easy Fix
FIPS open
Functional Tests
Galaxy NG
Groomed
Installer - Triage
Installer Items
Issues for Triage
Katello Integration
Next Docs Day
Operator issues
POST/ASSIGNED - no Sprint - Pulp2
POST/ASSIGNED - no Sprint - Pulp3
Prioritized Bugs
Pulp 3 Docs issues
Pulp2 issues available for next release
Pulpcore
SELinux related
Sprint 111
Sprint 112
Sprint Candidates (also groomed)
Un-Triaged Bugs
Verification Required

Actions

Send by e-mail Copy link

Issue #1837

closed

CVE-2016-3111: pulp.spec generates its RSA keys for message signing insecurely

Added by jcline@redhat.com over 8 years ago. Updated almost 5 years ago.

Status:

CLOSED - CURRENTRELEASE

Priority:

High

Assignee:

jcline@redhat.com

Category:

Sprint/Milestone:

Start date:

Due date:

Estimated time:

Severity:

1. Low

Version:

Platform Release:

2.8.3

OS:

Triaged:

Yes

Groomed:

Sprint Candidate:

Tags:

Pulp 2

Sprint:

Quarter:

Description

During installation, the RSA key pairs used to validate messages between the pulp server and pulp consumers are generated in a directory that is world-readable with a umask of 002. After it was written, the permissions are modified to protect the key. For a brief moment, the RSA keys are world-readable. An attacker who has access to the host installing Pulp could theoretically open the file after it is created, but before its permissions are set, and read the private key.

History
Notes
Property changes
Associated revisions

Actions

Copy link

Updated by jcline@redhat.com over 8 years ago

Subject changed from reserved to pulp.spec generates its RSA keys for message signing insecurely
Description updated (diff)

https://github.com/pulp/pulp/pull/2530

Actions

Copy link

Updated by jcline@redhat.com over 8 years ago

Private changed from Yes to No

Actions

Copy link

Updated by jcline@redhat.com over 8 years ago

Status changed from NEW to POST
Assignee set to jcline@redhat.com

Actions

Copy link

Updated by semyers over 8 years ago

Platform Release set to 2.8.3

Actions

Copy link

Updated by semyers over 8 years ago

Subject changed from pulp.spec generates its RSA keys for message signing insecurely to CVE-2016-3111: pulp.spec generates its RSA keys for message signing insecurely

Added by Jeremy Cline over 8 years ago

Revision 20955f6f | View on GitHub

pulp.spec now generate RSA keys with umask 077 (CVE-2016-3111)

During installation, the RSA key pairs used to validate messages between the pulp server and pulp consumers were generated in a directory that is world-readable with a umask of 002. After it was written, the permissions were modified to protect the key. For a brief moment, the RSA keys were world-readable. This commit explicitly sets the umask in the %post scriptlet to be 077 so it is only readable to the owner.

https://pulp.plan.io/issues/1837

fixes #1837