openSUSE has issued an advisory today (August 4): https://lists.opensuse.org/opensuse-security-announce/2020-08/msg00005.html
Mageia 7 is also affected.
See Also: (none) => https://bugs.mageia.org/show_bug.cgi?id=27042
Fedora has issued an advisory for this on July 22: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6LANBGRCCZBPKKBD5ZMJS7C7DYAHYR6B/
The issue is fixed upstream in 2.1.53.
Status comment: (none) => Fixed upstream in 2.1.53
Whiteboard: (none) => MGA7TOO
Done for both Cauldron and mga7!
CC: (none) => geiger.david68210
Advisory:
========================

Updated targetcli package fixes security vulnerability:

An access flaw was found in targetcli, where the /etc/target and underneath backup directory/files were world-readable. This flaw allows a local attacker to access potentially sensitive information such as authentication credentials from the /etc/target/saveconfig.json and backup files. The highest threat from this vulnerability is to confidentiality (CVE-2020-13867).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13867
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6LANBGRCCZBPKKBD5ZMJS7C7DYAHYR6B/
========================

Updated packages in core/updates_testing:
========================
targetcli-2.1.53-1.mga7

from targetcli-2.1.53-1.mga7.src.rpm
Assignee: lists.jjorge => qa-bugs
Whiteboard: MGA7TOO => (none)
Status comment: Fixed upstream in 2.1.53 => (none)
Version: Cauldron => 7
mga7, x86_64

Installed targetcli before updating to check file permissions.

/etc/target
drwxr-xr-x 3 root root 4096 Aug 8 17:16 target/

$ ll /etc/target
# targetcli
Warning: Could not load preferences file /root/.targetcli/prefs.bin.
targetcli shell version 2.1.fb49

/> ls
o- / ..................................................................... [...]
  o- backstores .......................................................... [...]
  | o- block .............................................. [Storage Objects: 0]
  | o- fileio ............................................. [Storage Objects: 0]
  | o- pscsi .............................................. [Storage Objects: 0]
  | o- ramdisk ............................................ [Storage Objects: 0]
  o- iscsi ........................................................ [Targets: 0]
  o- loopback ..................................................... [Targets: 0]
  o- vhost ........................................................ [Targets: 0]
  o- xen-pvscsi ................................................... [Targets: 0]
/> exit
Global pref auto_save_on_exit=true
Configuration saved to /etc/target/saveconfig.json

$ ll /etc/target
total 8
drwxr-xr-x 2 root root 4096 Jan  7  2019 backup/
-rw------- 1 root root   71 Aug  8 17:16 saveconfig.json

The JSON file is not world readable, backup is 755.

# cd /etc
# rm -rf target

Updated targetcli.

# targetcli
.....
/> exit
# ll target
total 8
drw------- 2 root root 4096 Aug  8 17:27 backup/
-rw------- 1 root root   71 Aug  8 17:27 saveconfig.json

backup/ now 600, so not vulnerable.

Used the example from the man page to test the operation of the shell.

# targetcli
...
/> backstores/fileio create test /tmp/test.img 100m
Created fileio test with size 104857600
/> iscsi/ create iqn.2006-04.com.example:test-target
Created target iqn.2006-04.com.example:test-target.
Created TPG 1.
Global pref auto_add_default_portal=true
Created default portal listening on all IPs (0.0.0.0), port 3260.
/> cd iscsi/iqn.2006-04.com.example:test-target/tpg1/
/iscsi/iqn.20...t-target/tpg1> set attribute generate_node_acls=1
Parameter generate_node_acls is now '1'.
/iscsi/iqn.20...t-target/tpg1> exit
Global pref auto_save_on_exit=true
Last 10 configs saved in /etc/target/backup/.
Configuration saved to /etc/target/saveconfig.json
# ll
total 8
drw------- 2 root root 4096 Aug  8 17:40 backup/
-rw------- 1 root root 3722 Aug  8 17:40 saveconfig.json

Good enough.
CC: (none) => tarazed25
Whiteboard: (none) => MGA7-64-OK
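The permission check above was done by hand with `ll`. As an added example (not from this bug report or from the targetcli project), the same check and the corresponding remediation as two shell functions: the first lists anything under a configuration directory that is readable by "other", the condition CVE-2020-13867 describes for /etc/target and /etc/target/backup; the second strips "other" access. The directory path is a parameter so it can be pointed at /etc/target or at a test tree; it assumes a POSIX `find` and `chmod`.

```shell
#!/bin/sh
# Added example, not code from the bug report or from targetcli.
# Usage: check_world_readable /etc/target; strip_other_access /etc/target

# Print every entry under $1 (the directory itself included) whose
# permission bits grant read access to "other" (-perm -004).
# Returns 0 when nothing is world-readable, 1 when at least one entry is.
check_world_readable() {
    dir="$1"
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    hits=$(find "$dir" -perm -004 2>/dev/null)
    if [ -n "$hits" ]; then
        printf 'world-readable: %s\n' $hits
        return 1
    fi
    return 0
}

# Remove read/write/execute for "other" on $1 and everything below it,
# which is what the fixed package's 600/700-style modes achieve for
# saveconfig.json and backup/. Owner and group bits are left untouched.
strip_other_access() {
    dir="$1"
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    find "$dir" -exec chmod o-rwx {} +
}

# Stand-alone run against the real path; harmless if it does not exist.
if [ "${0##*/}" != "sh" ] && [ -d /etc/target ]; then
    check_world_readable /etc/target || echo "fix with: strip_other_access /etc/target"
fi
```

Run `check_world_readable` before and after an update to confirm that the backup directory and saveconfig.json no longer show up.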
Validating. Advisory in Comment 3.
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
CC: (none) => davidwhodgins
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0326.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED