1179999 – (CVE-2020-35459) VUL-0: CVE-2020-35459: crmsh: Root privilege escalation via hawk_invoke and crmsh

Bug 1179999 (CVE-2020-35459) - VUL-0: CVE-2020-35459: crmsh: Root privilege escalation via hawk_invoke and crmsh

Summary: VUL-0: CVE-2020-35459: crmsh: Root privilege escalation via hawk_invoke and c...

Status:	RESOLVED FIXED

Alias:	CVE-2020-35459

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P1 - Urgent Severity: Critical
Target Milestone:	---
Assignee:	Xin Liang
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/273298/
Whiteboard:	CVSSv3.1:SUSE:CVE-2020-35459:8.4:(AV:...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2020-12-14 12:16 UTC by Marcus Meissner
Modified:	2022-03-10 13:18 UTC (History)
CC List:	13 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Comment 3 Dario Maiocchi 2020-12-14 16:51:53 UTC

thx

Comment 8 Xin Liang 2020-12-18 08:39:03 UTC

Hi Marcus,

Please see the patch I created in https://build.suse.de/package/view_file/home:XinLiang:branches:SUSE:SLE-15-SP2:Update/crmsh/0001-Fix-history-use-Path.mkdir-instead-of-mkdir-command-.patch?expand=1

Changes include:
* Use Path.mkdir instead of system mkdir command
* Consider contain ";" in directory name was not sane

Please review and give me feedback when you have time

Thanks!

Comment 12 Xin Liang 2020-12-25 02:18:39 UTC

For 12sp4/sp5 and 12sp3, changes include:

* Use utils.mkdirp instead of system mkdir command
* Consider contain ";" in directory name was not sane

Comment 19 Johannes Segitz 2021-01-05 08:13:59 UTC

Everytime you can avoid using a shell construct and can do it in plain python it's better. 

I'll have a look now

Comment 24 Marcus Meissner 2021-01-12 13:01:11 UTC

I just posted to oss-security

Comment 25 Marcus Meissner 2021-01-12 13:01:28 UTC

please feel free to commit this change to upstream git

Comment 26 Swamp Workflow Management 2021-01-12 17:21:19 UTC

SUSE-SU-2021:0085-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1179999
CVE References: CVE-2020-35459
JIRA References: 
Sources used:
SUSE Linux Enterprise High Availability 15-SP1 (src):    crmsh-4.2.0+git.1607075079.a25648d8-3.51.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 27 Swamp Workflow Management 2021-01-12 17:22:17 UTC

SUSE-SU-2021:0086-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1179999
CVE References: CVE-2020-35459
JIRA References: 
Sources used:
SUSE Linux Enterprise High Availability 15-SP2 (src):    crmsh-4.2.0+git.1607075079.a25648d8-5.32.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 28 Swamp Workflow Management 2021-01-12 17:24:20 UTC

SUSE-SU-2021:0084-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1179999
CVE References: CVE-2020-35459
JIRA References: 
Sources used:
SUSE Linux Enterprise High Availability 12-SP3 (src):    crmsh-3.0.4+git.1607490926.e492f845-13.56.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 29 Swamp Workflow Management 2021-01-12 17:25:21 UTC

SUSE-SU-2021:0083-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1179999
CVE References: CVE-2020-35459
JIRA References: 
Sources used:
SUSE Linux Enterprise High Availability 12-SP5 (src):    crmsh-4.1.0+git.1607482714.9633b80d-2.50.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    crmsh-4.1.0+git.1607482714.9633b80d-2.50.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 30 Swamp Workflow Management 2021-01-12 17:26:21 UTC

SUSE-SU-2021:0087-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1179999
CVE References: CVE-2020-35459
JIRA References: 
Sources used:
SUSE Linux Enterprise High Availability 15 (src):    crmsh-4.2.0+git.1607075079.a25648d8-3.56.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 31 Swamp Workflow Management 2021-01-13 20:17:23 UTC

openSUSE-SU-2021:0055-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1179999
CVE References: CVE-2020-35459
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    crmsh-4.2.0+git.1607075079.a25648d8-lp152.4.39.1

Comment 32 Swamp Workflow Management 2021-01-16 14:35:22 UTC

openSUSE-SU-2021:0073-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1179999
CVE References: CVE-2020-35459
JIRA References: 
Sources used:
openSUSE Leap 15.1 (src):    crmsh-4.2.0+git.1607075079.a25648d8-lp151.2.45.1

Comment 38 Swamp Workflow Management 2021-03-08 20:18:13 UTC

SUSE-SU-2021:0722-1: An update that solves two vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 1154927,1178454,1178869,1179999,1180571,1180688
CVE References: CVE-2020-35459,CVE-2021-3020
JIRA References: 
Sources used:
SUSE Linux Enterprise High Availability 12-SP5 (src):    crmsh-4.1.0+git.1614156984.f4f5e146-2.56.2
SUSE Linux Enterprise High Availability 12-SP4 (src):    crmsh-4.1.0+git.1614156984.f4f5e146-2.56.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 40 Gianluca Gabrielli 2021-03-11 18:32:45 UTC

According to our tracking hawk2 is tagged as affected also for SUSE:SLE-12-SP2:Update, but no fix was submitted. Could you please give me some context about it?

Comment 42 Swamp Workflow Management 2021-03-11 23:29:59 UTC

SUSE-SU-2021:0771-1: An update that solves two vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1154927,1178454,1178869,1179999,1180571
CVE References: CVE-2020-35459,CVE-2021-3020
JIRA References: 
Sources used:
SUSE Linux Enterprise High Availability 12-SP3 (src):    crmsh-3.0.4+git.1614156978.4c1dc46d-13.62.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 43 Swamp Workflow Management 2021-03-12 20:20:28 UTC

SUSE-SU-2021:0782-1: An update that solves two vulnerabilities, contains one feature and has 5 fixes is now available.

Category: security (important)
Bug References: 1154927,1178454,1178869,1179999,1180137,1180571,1180688
CVE References: CVE-2020-35459,CVE-2021-3020
JIRA References: ECO-1658
Sources used:
SUSE Linux Enterprise High Availability 15-SP1 (src):    crmsh-4.3.0+20210219.5d1bf034-3.57.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 44 Swamp Workflow Management 2021-03-12 20:23:29 UTC

SUSE-SU-2021:0781-1: An update that solves two vulnerabilities, contains one feature and has 7 fixes is now available.

Category: security (important)
Bug References: 1154927,1178454,1178869,1179999,1180126,1180137,1180571,1180688,1181415
CVE References: CVE-2020-35459,CVE-2021-3020
JIRA References: ECO-1658
Sources used:
SUSE Linux Enterprise High Availability 15-SP2 (src):    crmsh-4.3.0+20210305.9db5c9a8-5.42.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 45 Swamp Workflow Management 2021-03-14 17:28:56 UTC

openSUSE-SU-2021:0410-1: An update that solves two vulnerabilities and has 7 fixes is now available.

Category: security (important)
Bug References: 1154927,1178454,1178869,1179999,1180126,1180137,1180571,1180688,1181415
CVE References: CVE-2020-35459,CVE-2021-3020
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    crmsh-4.3.0+20210305.9db5c9a8-lp152.4.47.1

Comment 46 Swamp Workflow Management 2021-03-17 20:47:38 UTC

SUSE-SU-2021:0806-1: An update that solves two vulnerabilities, contains one feature and has 5 fixes is now available.

Category: security (important)
Bug References: 1154927,1178454,1178869,1179999,1180137,1180571,1180688
CVE References: CVE-2020-35459,CVE-2021-3020
JIRA References: ECO-1658
Sources used:
SUSE Linux Enterprise High Availability 15 (src):    crmsh-4.3.0+20210219.5d1bf034-3.62.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 47 Swamp Workflow Management 2021-03-24 14:26:57 UTC

SUSE-SU-2021:0941-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1179999,1182165,1182166
CVE References: CVE-2020-35459,CVE-2021-25314
JIRA References: 
Sources used:
SUSE Linux Enterprise High Availability 15-SP2 (src):    hawk2-2.6.3+git.1614684118.af555ad9-3.27.1
SUSE Linux Enterprise High Availability 15-SP1 (src):    hawk2-2.6.3+git.1614684118.af555ad9-3.27.1
SUSE Linux Enterprise High Availability 15 (src):    hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 48 Swamp Workflow Management 2021-03-24 14:28:15 UTC

SUSE-SU-2021:0942-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1179999,1182165,1182166
CVE References: CVE-2020-35459,CVE-2021-25314
JIRA References: 
Sources used:
SUSE Linux Enterprise High Availability 12-SP5 (src):    hawk2-2.6.3+git.1614685906.812c31e9-3.30.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    hawk2-2.6.3+git.1614685906.812c31e9-3.30.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 49 Swamp Workflow Management 2021-03-24 14:37:14 UTC

SUSE-SU-2021:0943-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1179999,1182165,1182166
CVE References: CVE-2020-35459,CVE-2021-25314
JIRA References: 
Sources used:
SUSE Linux Enterprise High Availability 12-SP3 (src):    hawk2-2.6.3+git.1614685906.812c31e9-2.42.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 62 Swamp Workflow Management 2021-07-02 19:16:18 UTC

SUSE-SU-2021:2238-1: An update that solves one vulnerability, contains one feature and has 5 fixes is now available.

Category: security (moderate)
Bug References: 1163460,1175982,1179999,1184465,1185423,1187553
CVE References: CVE-2020-35459
JIRA References: SLE-17979
Sources used:
SUSE Linux Enterprise High Availability 15-SP1 (src):    crmsh-4.3.1+20210624.67223df2-3.69.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 63 Swamp Workflow Management 2021-07-02 19:17:55 UTC

SUSE-SU-2021:2239-1: An update that solves one vulnerability, contains one feature and has 5 fixes is now available.

Category: security (moderate)
Bug References: 1163460,1175982,1179999,1184465,1185423,1187553
CVE References: CVE-2020-35459
JIRA References: SLE-17979
Sources used:
SUSE Linux Enterprise High Availability 15 (src):    crmsh-4.3.1+20210624.67223df2-3.74.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 64 Swamp Workflow Management 2021-07-21 13:19:16 UTC

openSUSE-SU-2021:2435-1: An update that solves one vulnerability, contains one feature and has 5 fixes is now available.

Category: security (moderate)
Bug References: 1163460,1175982,1179999,1184465,1185423,1187553
CVE References: CVE-2020-35459
JIRA References: SLE-17979
Sources used:
openSUSE Leap 15.3 (src):    crmsh-4.3.1+20210702.4e0ee8fb-5.59.1

Comment 65 Swamp Workflow Management 2021-07-21 13:34:33 UTC

SUSE-SU-2021:2435-1: An update that solves one vulnerability, contains one feature and has 5 fixes is now available.

Category: security (moderate)
Bug References: 1163460,1175982,1179999,1184465,1185423,1187553
CVE References: CVE-2020-35459
JIRA References: SLE-17979
Sources used:
SUSE Linux Enterprise High Availability 15-SP3 (src):    crmsh-4.3.1+20210702.4e0ee8fb-5.59.1
SUSE Linux Enterprise High Availability 15-SP2 (src):    crmsh-4.3.1+20210702.4e0ee8fb-5.59.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 66 Swamp Workflow Management 2021-07-24 19:18:32 UTC

openSUSE-SU-2021:1087-1: An update that solves one vulnerability, contains one feature and has 5 fixes is now available.

Category: security (moderate)
Bug References: 1163460,1175982,1179999,1184465,1185423,1187553
CVE References: CVE-2020-35459
JIRA References: SLE-17979
Sources used:
openSUSE Leap 15.2 (src):    crmsh-4.3.1+20210702.4e0ee8fb-lp152.4.59.1

Comment 68 Swamp Workflow Management 2021-09-16 22:29:04 UTC

# maintenance_jira_update_notice
SUSE-SU-2021:3121-1: An update that solves one vulnerability and has one errata is now available.

Category: security (important)
Bug References: 1179999,1189641
CVE References: CVE-2020-35459
JIRA References: 
Sources used:
SUSE Linux Enterprise High Availability 12-SP5 (src):    crmsh-4.1.1+git.1630047134.803a70f2-2.65.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    crmsh-4.1.1+git.1630047134.803a70f2-2.65.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 69 Roger Zhou 2022-03-10 05:53:24 UTC

clean up the stale state

Comment 70 Gianluca Gabrielli 2022-03-10 08:21:48 UTC

Still missing submissions for:
 - SUSE:SLE-12-SP2:Update/hawk2
 - SUSE:SLE-12-SP2:Update/crmsh
 - SUSE:SLE-12-SP2:Update/crmsh

@Roger, please _do not_ close security-related issues, instead reassign them back to security-team@suse.de.

Comment 71 Diego Vinicius Akechi 2022-03-10 08:44:08 UTC

The decision of not backporting this to 12-SP2 was made in agreement with PM giving we were really close to the EOL of this service pack.

What are the reasons to revisit and ask for that again?

Comment 77 Gianluca Gabrielli 2022-03-10 13:18:16 UTC

So, we can close this issue. Thanks to everybody.