Bug 783195 (CVE-2012-0433) - VUL-1: install-chef-suse.sh: tmp file issues and insecure permission on files containing confidential data
Summary: VUL-1: install-chef-suse.sh: tmp file issues and insecure permission on files...
Status: VERIFIED WONTFIX
Alias: CVE-2012-0433
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P4 - Low, Severity: Normal
Target Milestone: ---
Deadline: 2012-11-27
Assignee: Milisav Radmanic
QA Contact: Security Team bot
URL:
Whiteboard: maint:running:49909:low
Keywords: security
Depends on:
Blocks:
 
Reported: 2012-10-02 14:38 UTC by Thomas Biege
Modified: 2017-04-15 10:41 UTC
CC List: 5 users

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Description Thomas Biege 2012-10-02 14:38:28 UTC
https://github.com/aspiers/crowbar/blob/a64cf18c93c30b1afcbae9e7309d7d4a3af29e46/extra/install-chef-suse.sh

Reading this file revealed at least two issues:
- tmp files are used in an insecure way which allows local privilege escalation, use mktemp -d /tmp/lalalal.XXXXXXXX
- the various keys generated during the run of the script are written to local files without setting an appropriate umask, local users might read the keys from the files
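The two patterns named in the report, side by side, as an added example written for this page. It is not code from crowbar or from install-chef-suse.sh; the function names, the key-file paths and the use of GNU stat(1) for the permission check are assumptions made here.

```shell
#!/bin/sh
# Added example, not code from crowbar's install-chef-suse.sh.
# Assumes a POSIX sh with mktemp(1) and GNU coreutils stat(1).

# Insecure pattern from the report: a fixed, predictable scratch file and
# no umask, so the key lands on disk with 666 & ~umask (usually 644).
write_key_insecurely() {
    outfile="$1"
    keydata="$2"
    tmp="${TMPDIR:-/tmp}/chef-key.tmp"      # predictable name: a local user can
    printf '%s\n' "$keydata" > "$tmp"       # pre-create it or point a symlink at it
    mv "$tmp" "$outfile"                    # mode inherited from the write above
}

# Hardened form: unpredictable private scratch directory (mktemp -d),
# restrictive umask while the key is written, caller's umask restored after.
write_key_securely() {
    outfile="$1"
    keydata="$2"
    # mktemp -d creates the directory atomically with mode 0700 under a
    # random suffix, so nobody else can plant a file or symlink at that path.
    scratch=$(mktemp -d "${TMPDIR:-/tmp}/install-chef.XXXXXXXX") || return 1
    old_umask=$(umask)
    umask 077                               # new files: 0600, new dirs: 0700
    if ! printf '%s\n' "$keydata" > "$scratch/key.tmp"; then
        umask "$old_umask"; rm -rf "$scratch"; return 1
    fi
    mv "$scratch/key.tmp" "$outfile"        # rename keeps the 0600 mode
    umask "$old_umask"
    rm -rf "$scratch"
}

# Octal permission bits of a file, e.g. 600 (GNU stat syntax assumed).
file_mode() {
    stat -c '%a' "$1"
}

# Post-install check a practitioner can run over generated key material:
# succeeds only when no group/other bits are set.
key_file_is_private() {
    case "$(file_mode "$1")" in
        600|400) return 0 ;;
        *)       return 1 ;;
    esac
}
```

Run the secure writer under any umask and `key_file_is_private` passes; run the insecure one under the usual 022 and it fails, which is the difference the report is about. The same `umask 077` line placed once near the top of an installer covers every key it generates, with `mktemp -d` replacing each fixed /tmp path.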
Comment 1 Swamp Workflow Management 2012-10-02 22:00:17 UTC
bugbot adjusting priority
Comment 2 Adam Spiers 2012-10-03 09:25:49 UTC
Valid points.  Fortunately low impact since admin nodes should be dedicated hardware so it's unlikely anyone else would have non-root access to it prior to SUSE Cloud installation.
Comment 3 Thomas Biege 2012-10-04 07:29:53 UTC
I am fine with reducing the impact.

When can a fix be made ready and part of a maintenance update for SUSE Cloud?
Comment 4 Christoph Thiel 2012-10-30 11:03:04 UTC
Adam, could you please take care of it. We'll make sure to get this fixed with the next round of updates.
Comment 5 Christoph Thiel 2012-10-30 11:03:34 UTC
Maint team, could you please assign a swamp id for this? (package: crowbar)
Comment 6 Matthias Weckbecker 2012-10-30 11:52:33 UTC
Chris, should just this specific issue be fixed or will it be a consolidated update (e.g. containing lots of additional, non-security fixes)? If it's really just this issue I can just create the swamp for you too.
Comment 7 Christoph Thiel 2012-10-30 12:00:32 UTC
We'll roll this into a bigger update. Leonardo already is working on creating the swampid for this.
Comment 8 Swamp Workflow Management 2012-10-30 12:13:04 UTC
The SWAMPID for this issue is 49909.
This issue was rated as low.
Please submit fixed packages by 2012-11-27.
Also create a patchinfo file using this link:
https://swamp.suse.de/webswamp/wf/49909
Comment 10 Thomas Biege 2012-12-14 11:55:29 UTC
CVE-2012-0433
Comment 11 Sascha Peilicke 2012-12-17 11:58:49 UTC
Is it really worth fixing this? I think we should decide to either WONTFIX or provide something.

We have plenty of other 1.0 bugs which need a similar decision btw.
Comment 12 Thomas Biege 2013-01-03 09:49:01 UTC
From my POV the fixes are easy and should be added to the next update round.
Comment 13 Christoph Thiel 2013-01-17 14:22:42 UTC
agreed.
Comment 21 Marcus Meissner 2017-03-22 15:20:44 UTC
Was fixed before the initial import into the crowbar github repo. The script currently lives at:

https://github.com/crowbar/crowbar/blob/master/scripts/install-chef-suse.sh

but previously at releases/development/master/extra/install-chef-suse.sh