RedHatCloudForms global readable (worldreadable) Permission production. log File administrator password leakage Vulnerability

Release date: Updated: 2012-12-08 affected systems: RedHatCloudForms Description: registrant BUGTRAQID: 56819CVE (CAN) ID: CVE-2012-3538RedHatCl

Release date:
Updated on: 2012-12-08

Affected Systems:
RedHat CloudForms
Description:
--------------------------------------------------------------------------------
Bugtraq id: 56819
CVE (CAN) ID: CVE-2012-3538

Red Hat CloudForms is a local hybrid cloud infrastructure as a service (IaaS) product that allows you to create and manage private and public clouds.

Red Hat CloudForms stores the pulp management password in the production. log file with the world readable permission in plain text, which allows local attackers to control the systems deployed and managed by CloudForms.

This problem has been solved in the following versions:
CloudForms for RHEL 6
CloudForms Tools for RHEL 5

<* Source: James Laska

Link: https://bugzilla.redhat.com/show_bug.cgi? Id = 852199
Https://access.redhat.com/security/cve/CVE-2012-3538
Http://secunia.com/advisories/51472/
Https://www.redhat.com/support/errata/RHSA-2012-1543.html
*>

Test method:
--------------------------------------------------------------------------------

Alert

The following procedures (methods) may be offensive and are intended only for security research and teaching. Users are at your own risk!

James Laska () provides the following test methods:

Refer to self https://bugzilla.redhat.com/show_bug.cgi? Id = 852199

A) vulnerability reproduction steps

1. Install katello
2. Run katello-configure to prepare system
3. Import a valid manifest

------------------------------------------------

B) Problem Description

The production. log is world readable...
> # Ll/var/log/katello/production. log
>-Rw-r --. 1 katello 38128 Aug 27/var/log/katello/production. log

While importing a manifest, I noticed the pulp admin password is available in plaintext in the production. log...

> [DEBUG: 13:20:08 #28453] Processing response: 200
> [DEBUG: 13:20:08 #28453] Resource GET request:/pulp/api/users/admin/
> [DEBUG: 13:20:08 #28453] Processing response: 200
> [DEBUG: 13:20:08 #28453] Resource POST request:/pulp/api/users/, {"name": "hidden-HkmUvo", "login ": "hidden-HkmUvo", "password": "kRez49MC87ihOXCk "}
> [DEBUG: 13:20:08 #28453] Processing response: 201
> [DEBUG: 13:20:08 #28453] Resource POST request:/pulp/api/roles/super-users // add/, {"username": "hidden-HkmUvo "}
> [DEBUG: 13:20:08 #28453] Processing response: 200
> [DEBUG: 13:20:08 #28453] Resource GET request:/pulp/api/users/hidden-HkmUvo/
> [DEBUG: 13:20:09 #28453] Processing response: 200
> [DEBUG: 13:20:09 #28453] Creating an owner in candlepin: ACME_Corporation
> [DEBUG: 13:20:09 #28453] Resource POST request:/candlepin/owners/, {"contentPrefix": "/ACME_Corporation/$ env", "displayName": "ACME_Corporation ", "key": "ACME_Corporation "}
> [DEBUG: 13:20:09 #28453] Processing response: 200
> [INFO: 13:20:09 #28453] Creating an environment in candlepin: Library

------------------------------------------------

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

RedHat
------
For this reason, RedHat has released a Security Bulletin (RHSA-2012: 1543-01) and patch:

RHSA-2012: 1543-01: Important: CloudForms System Engine 1.1 update

Link: https://www.redhat.com/support/errata/RHSA-2012-1543.html