[security-announce] Proxy Generation Tool Vulnerability (Revised)



Revision to Globus Security Advisory 2006-01:

Further evidence from the original reporter now leads us to believe that
this vulnerability is reasonably exploitable by local users of a system.
We are recommending that organizations apply the patches as soon as
possible.

------

Globus Security Advisory 2006-01:  GSI Proxy generation tool
(grid-proxy-init)

Original issue date: August 15 2006
Last revised: August 16 2006

Software affected:

Globus Toolkit releases 3.2.x, 4.0.x, 4.1.0; older, unsupported versions
may also be vulnerable

Specific packages: GSI
        jglobus, globus_gsi_sysconfig, globus_gsi_credential

Reporter:   Benjamin Bennett, Pittsburgh Supercomputing Center

Overview

The Globus Toolkit provides a tool, grid-proxy-init, to create proxy
certificates. The certificate is by default stored in /tmp and the file
name is generated based on the uid of the user on the system.

I. Description

The proxy generation tool (grid-proxy-init) creates the file, secures it
so that only the owner has access, and writes the proxy to it. A race
condition exists between opening the proxy credentials file and verifying
that it is a safe file to write to. The checks that ensure the file is
accessible only to the owner are performed using the filename, after the
file is opened for writing but before any data is written.

II. Impact

Between the file being opened and the checks that ensure it is secure, an
attacker has time to remove or change the proxy credentials file's
directory entry. The open could take place on a file or device the
attacker can read, and the checks could take place on a different file or
device, or even one the victim creates during these checks. Assuming the
checks succeed, proxy credential data will then be written to the file
or device the attacker can read.

III. Solution

Update packages with a fix for Globus Toolkit releases 3.2.1 and 4.0.2 are
available at:

http://www-unix.globus.org/toolkit/advisories.html

The patches ensure that checks to secure the file are completed before the
file is opened for writing.

We recommend that people running 4.0.2 and 3.2.1 apply the relevant
patches.  People running older versions should upgrade to the appropriate
supported versions and apply the patch.  Users of the 4.1.0 development
release have the option of updating the affected components to the latest
code from CVS trunk or installing 4.1.1 when it becomes available.

Note:

For the Java implementation, creating the proxy file and setting
permissions on it are not a single atomic operation, so there is a small
window in which the created file can be compromised. To work around this,
we recommend that the umask in the user's account be set appropriately to
ensure that when a new file is created it is by default accessible only
to the owner.
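
The following C example is added here and is not taken from the advisory
or from the Globus patches. It uses a different technique from the one the
advisory attributes to the patches: the file is created atomically with
owner-only permissions and then validated through the open descriptor with
fstat() rather than through the filename, which also closes the
create-then-set-permissions window described in the note. The function name
write_secret_file and the sample path and data are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not Globus code). Returns 0 on success, -1 on failure. */
int write_secret_file(const char *path, const void *buf, size_t len)
{
    struct stat st;
    const char *p = buf;

    /* O_CREAT|O_EXCL fails if any directory entry (file, symlink, device)
     * already exists at path; mode 0600 is applied atomically at creation,
     * so the file is never group- or world-accessible, whatever the umask. */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;

    /* Validate the object actually held open (by descriptor), never the
     * name, because the name can be re-pointed after open(). */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || st.st_nlink != 1 ||
        (st.st_mode & (S_IRWXG | S_IRWXO)) != 0)
        goto fail;

    while (len > 0) {
        ssize_t n = write(fd, p, len);
        if (n <= 0)
            goto fail;
        p += n;
        len -= (size_t)n;
    }
    return close(fd);

fail:
    close(fd);
    unlink(path); /* best-effort cleanup of the entry this call created */
    return -1;
}

int main(void)
{
    /* Constructed sample path and data, not a real proxy credential. */
    const char data[] = "constructed-sample";
    return write_secret_file("demo_proxy.tmp", data, sizeof data - 1) ? 1 : 0;
}
```

Running the program a second time fails by design, because the path
already exists and is never reused or followed.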