Bug 1210094

Summary: VUL-1: SUMA: SSH private key diclosed in log file when debug is enabled
Product: [Novell Products] SUSE Security Incidents Reporter: Paolo Perego <paolo.perego>
Component: IncidentsAssignee: Cédric Bosdonnat <cbosdonnat>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P2 - High CC: gianluca.gabrielli, jgonzalez, kwalter, logu.rangasamy, marina.latini, parlt
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Bug Depends on:    
Bug Blocks: 1209434    

Description Paolo Perego 2023-04-04 13:21:32 UTC 
This is a different vulnerability from bsc#1209395.

FileUtils class from com.redhat.rhn.common.util package has a public method, readStringFromFile, that logs an arbitrary file content if debug is enabled.

In SSLCertManager class, from com.suse.manager.ssl, there is a method called generateCertificate with this line of code:

```
return new SSLCertPair(FileUtils.readStringFromFile(serverCertFile.getAbsolutePath()),                   FileUtils.readStringFromFile(serverKeyFile.getAbsolutePath()));
```

If debug is enabled, both server certificate and its key are logged into filesystem.


This is an instance of CVE-2023-22644 (bsc#1209434)
Comment 9 Paolo Perego 2023-06-21 12:47:30 UTC 
Fixed
Comment 10 Cédric Bosdonnat 2023-06-21 22:56:40 UTC 
Master PR: https://github.com/uyuni-project/uyuni/pull/7176
Comment 12 Maintenance Automation 2024-02-27 11:26:18 UTC 
SUSE-RU-2023:2566-1: An update that solves one vulnerability, contains one feature and has 58 recommended fixes can now be installed.

Category: recommended (moderate)
Bug References: 1201063, 1203599, 1204089, 1204270, 1204900, 1205600, 1206060, 1206191, 1206423, 1206725, 1206783, 1207063, 1207595, 1207814, 1207829, 1207830, 1208288, 1208321, 1208427, 1208522, 1208536, 1208540, 1208550, 1208586, 1208661, 1208687, 1208719, 1208772, 1208965, 1209119, 1209143, 1209149, 1209215, 1209220, 1209231, 1209253, 1209277, 1209386, 1209395, 1209434, 1209508, 1209557, 1209926, 1209938, 1209993, 1210086, 1210094, 1210101, 1210107, 1210154, 1210162, 1210349, 1210437, 1210458, 1210776, 1210835, 1211956, 1211958, 1212363
CVE References: CVE-2023-22644
Jira References: MSQA-666
Sources used:
SUSE Manager Proxy 4.3 Module 4.3 (src): susemanager-build-keys-15.4.9-150400.3.20.2, spacecmd-4.3.21-150400.3.18.5, mgr-daemon-4.3.7-150400.3.9.5, spacewalk-web-4.3.31-150400.3.21.7, spacewalk-proxy-4.3.16-150400.3.20.6, spacewalk-backend-4.3.21-150400.3.21.13, spacewalk-proxy-installer-4.3.11-150400.3.6.4, uyuni-common-libs-4.3.8-150400.3.12.5
SUSE Manager Server 4.3 Module 4.3 (src): susemanager-4.3.27-150400.3.26.5, spacewalk-setup-4.3.16-150400.3.21.6, python-urlgrabber-4.1.0-150400.4.3.6.3, spacewalk-search-4.3.9-150400.3.12.7, virtual-host-gatherer-1.0.26-150400.3.12.3, perl-Satcon-4.3.2-150400.3.3.5, spacewalk-admin-4.3.11-150400.3.6.6, branch-network-formula-0.1.1680167239.23f2fec-150400.3.3.3, spacewalk-backend-4.3.21-150400.3.21.13, spacewalk-java-4.3.58-150400.3.46.4, supportutils-plugin-susemanager-4.3.7-150400.3.9.6, spacewalk-config-4.3.10-150400.3.6.3, susemanager-sls-4.3.33-150400.3.25.7, spacecmd-4.3.21-150400.3.18.5, hub-xmlrpc-api-0.7-150400.5.6.5, susemanager-docs_en-4.3-150400.9.27.3, susemanager-tftpsync-4.3.4-150400.3.9.9, cpu-mitigations-formula-0.5.0-150400.3.3.3, susemanager-schema-4.3.18-150400.3.18.7, susemanager-build-keys-15.4.9-150400.3.20.2, spacewalk-web-4.3.31-150400.3.21.7, cobbler-3.3.3-150400.5.25.3, uyuni-common-libs-4.3.8-150400.3.12.5

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 13 Maintenance Automation 2024-02-27 11:33:13 UTC 
SUSE-RU-2023:2592-1: An update that solves two vulnerabilities, contains one feature and has 90 recommended fixes can now be installed.

Category: recommended (important)
Bug References: 1201059, 1201063, 1203599, 1204089, 1204186, 1204270, 1204900, 1205011, 1205088, 1205600, 1205759, 1206060, 1206146, 1206191, 1206423, 1206520, 1206562, 1206725, 1206783, 1206800, 1206817, 1206861, 1206932, 1206963, 1206973, 1206979, 1206981, 1207063, 1207087, 1207141, 1207297, 1207352, 1207595, 1207792, 1207799, 1207814, 1207829, 1207830, 1207838, 1207867, 1207883, 1208046, 1208119, 1208288, 1208321, 1208325, 1208427, 1208522, 1208536, 1208540, 1208550, 1208586, 1208611, 1208661, 1208687, 1208719, 1208772, 1208908, 1209119, 1209143, 1209149, 1209215, 1209220, 1209231, 1209253, 1209259, 1209277, 1209369, 1209386, 1209395, 1209434, 1209508, 1209557, 1209926, 1209938, 1209993, 1210086, 1210094, 1210101, 1210107, 1210154, 1210162, 1210349, 1210437, 1210458, 1210776, 1210835, 1211956, 1211958, 1212096, 1212363, 1212516
CVE References: CVE-2022-46146, CVE-2023-22644
Jira References: MSQA-666
Sources used:
openSUSE Leap 15.4 (src): release-notes-susemanager-proxy-4.3.6-150400.3.55.4, release-notes-susemanager-4.3.6-150400.3.63.2
SUSE Manager Proxy 4.3 (src): release-notes-susemanager-proxy-4.3.6-150400.3.55.4
SUSE Manager Retail Branch Server 4.3 (src): release-notes-susemanager-proxy-4.3.6-150400.3.55.4
SUSE Manager Server 4.3 (src): release-notes-susemanager-4.3.6-150400.3.63.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.