安全研究
安全漏洞
Red Hat CloudForms全局可读(world readable)权限production.log文件管理员密码泄露漏洞
发布日期:2012-12-05
更新日期:2012-12-07
受影响系统:
RedHat CloudForms描述:
BUGTRAQ ID: 56819
CVE(CAN) ID: CVE-2012-3538
Red Hat CloudForms是本地混合云基础设施即服务(IaaS)产品,可创建和管理私有和公共云。
Red Hat CloudForms将pulp管理密码以明文方式保存在world readable权限的production.log文件中,导致本地攻击者可利用此漏洞控制CloudForms部署和管理的系统。
此问题已经在下列版本内解决:
CloudForms for RHEL 6
CloudForms Tools for RHEL 5
<*来源:James Laska
链接:https://bugzilla.redhat.com/show_bug.cgi?id=852199
https://access.redhat.com/security/cve/CVE-2012-3538
http://secunia.com/advisories/51472/
https://www.redhat.com/support/errata/RHSA-2012-1543.html
*>
测试方法:
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
参考自https://bugzilla.redhat.com/show_bug.cgi?id=852199
a) 漏洞重现步骤
1. Install katello
2. Run katello-configure to prepare system
3. Import a valid manifest
------------------------------------------------
b) 问题描述
The production.log is world readable ...
> # ll /var/log/katello/production.log
> -rw-r--r--. 1 katello katello 38128 Aug 27 13:56 /var/log/katello/production.log
While importing a manifest, I noticed the pulp admin password is available in plaintext in the production.log ...
> [DEBUG: 2012-08-27 13:20:08 #28453] Processing response: 200
> [DEBUG: 2012-08-27 13:20:08 #28453] Resource GET request: /pulp/api/users/admin/
> [DEBUG: 2012-08-27 13:20:08 #28453] Processing response: 200
> [DEBUG: 2012-08-27 13:20:08 #28453] Resource POST request: /pulp/api/users/, {"name":"hidden-HkmUvo","login":"hidden-HkmUvo","password":"kRez49MC87ihOXCk"}
> [DEBUG: 2012-08-27 13:20:08 #28453] Processing response: 201
> [DEBUG: 2012-08-27 13:20:08 #28453] Resource POST request: /pulp/api/roles/super-users//add/, {"username":"hidden-HkmUvo"}
> [DEBUG: 2012-08-27 13:20:08 #28453] Processing response: 200
> [DEBUG: 2012-08-27 13:20:08 #28453] Resource GET request: /pulp/api/users/hidden-HkmUvo/
> [DEBUG: 2012-08-27 13:20:09 #28453] Processing response: 200
> [DEBUG: 2012-08-27 13:20:09 #28453] Creating an owner in candlepin: ACME_Corporation
> [DEBUG: 2012-08-27 13:20:09 #28453] Resource POST request: /candlepin/owners/, {"contentPrefix":"/ACME_Corporation/$env","displayName":"ACME_Corporation","key":"ACME_Corporation"}
> [DEBUG: 2012-08-27 13:20:09 #28453] Processing response: 200
> [ INFO: 2012-08-27 13:20:09 #28453] Creating an environment in candlepin: Library
------------------------------------------------
建议:
厂商补丁:
RedHat
------
RedHat已经为此发布了一个安全公告(RHSA-2012:1543-01)以及相应补丁:
RHSA-2012:1543-01:Important: CloudForms System Engine 1.1 update
链接:https://www.redhat.com/support/errata/RHSA-2012-1543.html
浏览次数:4174
严重程度:0(网友投票)
绿盟科技给您安全的保障