Bug 933028 (CVE-2015-4053) - VUL-0: CVE-2015-4053: ceph-deploy admin command copies keyring file to /etc/ceph which is world readable
Summary: VUL-0: CVE-2015-4053: ceph-deploy admin command copies keyring file to /etc/c...
Status: RESOLVED FIXED
Alias: CVE-2015-4053
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Owen Synge
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/116997/
Whiteboard: CVSSv2:RedHat:CVE-2015-4053:4.3:(AV:L...
Keywords:
Depends on:
Blocks:
 
Reported: 2015-06-01 08:24 UTC by Andreas Stieger
Modified: 2017-12-14 05:40 UTC (History)
5 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
holgi: needinfo? (ksharma)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Stieger 2015-06-01 08:24:42 UTC 
Via oss-sec http://seclists.org/oss-sec/2015/q2/525

> "ceph-deploy admin" command pushes the client.admin key with world readable 
> permissions as in /etc/ceph/ceph.client.admin.keyring, It is similar issue 
> like CVE-2015-3010 , but this seems more bad as it is copying to /etc/ceph 
> which readable by any user. 
> 
> ~]# ls -Z /etc/ | grep ceph
> drwxr-xr-x. root root system_u:object_r:etc_t:s0 ceph
> 
> For further informataion : http://tracker.ceph.com/issues/11694

Lik bug 920926 - (CVE-2015-3010)

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1224129
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4053
http://seclists.org/oss-sec/2015/q2/525
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-4053.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4053
Comment 2 Nathan Cutler 2015-06-01 09:56:40 UTC 
This has been fixed in upstream master: https://github.com/ceph/ceph-deploy/pull/300
Comment 4 Owen Synge 2015-06-01 11:27:32 UTC 
Pulled patches for:

https://github.com/ceph/ceph-deploy/pull/300/commits

on to branch

distro/suse-1-5-19
Comment 5 Owen Synge 2015-06-01 11:52:22 UTC 
Pulled patches for:

https://github.com/ceph/ceph-deploy/pull/300/commits

on to branch

distro/suse-1-5-23
Comment 6 Owen Synge 2015-06-01 11:52:56 UTC 
IBS rpm's updated pending testing.
Comment 7 Swamp Workflow Management 2015-06-01 22:00:15 UTC 
bugbot adjusting priority
Comment 8 Holger Sickenberg 2015-06-24 09:57:14 UTC 
Owen: Did the tests pass already?
Comment 9 Owen Synge 2015-06-24 10:28:04 UTC 
Yes everything has passed testing.
Comment 10 Owen Synge 2015-06-24 10:30:48 UTC 
Its fixed definitely in SES 2. I have not checked a SES 1 box as I don’t have one to hand.
Comment 11 Owen Synge 2015-06-24 10:31:11 UTC 
Sorry for the slow update on this, I had forgotten about this thread
Comment 13 Holger Sickenberg 2015-06-24 10:53:11 UTC 
I guess we can mark this fixed then.
Comment 14 Swamp Workflow Management 2016-04-18 09:08:54 UTC 
openSUSE-RU-2016:1083-1: An update that solves one vulnerability and has 15 fixes is now available.

Category: recommended (moderate)
Bug References: 886872,893810,929553,933028,938564,938565,938566,938894,939710,940840,942274,942399,942495,948375,948577,963022
CVE References: CVE-2015-4053
Sources used:
openSUSE Leap 42.1 (src):    ceph-deploy-1.5.25+git.1453390973.98e76c0-2.1, python-execnet-1.2post2-2.1, python-remoto-0.0.23-2.1
Comment 15 Swamp Workflow Management 2017-12-14 05:40:27 UTC 
This is an autogenerated message for OBS integration:
This bug (933028) was mentioned in
https://build.opensuse.org/request/show/556845 Factory / ceph-deploy