2015 m. balandžio 9 d., ketvirtadienis

FreeBSD 10.x ZFS encryption.key disclosure (CVE-2015-1415)


## Advisory Information

Title: FreeBSD 10.x ZFS encryption.key disclosure (CVE-2015-1415)
Advisory URL: https://pierrekim.github.io/advisories/CVE-2015-1415.txt.asc
Date published: 2015-04-07
Vendors contacted: FreeBSD
Release mode: Coordinated release



## Product Description

FreeBSD is a UNIX-like operating system.



## Vulnerability Summary

FreeBSD 10.x installer supports the installation of FreeBSD 10.x  on  an
encrypted ZFS filesystem by default.

When using the encryption system within ZFS during the  installation  of
FreeBSD 10.0 and FreeBSD 10.1, the encryption.key has wrong  permissions
which allow local users to read this file.

Even if the keyfile is passphrase-encrypted, it can present a risk.



## Details

By default, the encryption key file is /boot/encryption.key.

Instead of being 0600, the permissions are 0644:

$ ls -la /boot/encryption.key
- -rw-r--r--  1 root  wheel  4096 Feb 17 15:16 /boot/encryption.key
$

This file is readable by a local user.



## Vendor Response

According to the vendor, a security advisory will be published, describing
the problem and the solution. It concerns:

    - stable/10, 10.1-STABLE
    - releng/10.1, 10.1-RELEASE-p8
    - releng/10.0, 10.0-RELEASE-p18


## Report Timeline

 * Mar 01, 2015: Problem found by Pierre Kim
 * Apr 01, 2015: Vendor is notified of the vulnerability
 * Apr 01, 2015: Vendor confirms report and indicates a fix is  prepared
   but there will be no security advisory format notification because of
   the nature of the problem
 * Apr 02, 2015: Pierre Kim asks a CVE number to the vendor
 * Apr 02, 2015: Vendor indicates to use CVE-2015-1415  and  confirms that a
   signed notification to the mailing lists will be sent.
 * Apr 03, 2015: Pierre Kim contacts FreeBSD about the future notification
 * Apr 04, 2015: Vendor confirms a security advisory will be published
   next week
 * Apr 07, 2015: Vendor publishes a security advisory (FreeBSD-SA-15:08)
 * Apt 07, 2015: This advisory is sent to bugtraq@



## Credit

This vulnerability was found by Pierre Kim (@PierreKimSec).



## References

https://www.freebsd.org/doc/handbook/bsdinstall-partitioning.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1415
https://www.freebsd.org/security/advisories/FreeBSD-SA-15:08.bsdinstall.asc



## Disclaimer

This advisory is licensed under a Creative Commons Attribution Non-Commercial
Share-Alike 3.0 License: http://creativecommons.org/licenses/by-nc-sa/3.0/
Pranešimą parašė ties

Komentarų nėra:

Rašyti komentarą

Užsisakykite: Rašyti komentarus (Atom)