On 3/12/21 1:40 PM, Salvatore Bonaccorso wrote: > Source: kexec-tools > Version: 1:2.0.20-2.1 > Severity: important > Tags: security upstream > X-Debbugs-Cc: car...@debian.org, Debian Security Team > <t...@security.debian.org> > > Hi, > > The following vulnerability was published for kexec-tools. > > CVE-2021-20269[0]: > | incorrect permissions on kdump dmesg file > > Could you check the details here? [2] is slight short on information > if "known upstream" etc. > > If you fix the vulnerability please also make sure to include the > CVE (Common Vulnerabilities & Exposures) id in your changelog entry. > > For further information see: > > [0] https://security-tracker.debian.org/tracker/CVE-2021-20269 > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20269 > [1] https://www.openwall.com/lists/oss-security/2021/03/11/2 > > Please adjust the affected versions in the BTS as needed. >
On Debian systems, dmesg file is created by makedumpfile in makedumpfile package which is called by /usr/sbin/kdump-config from kdump-tols package. makedumpfile sets the permission on dmesg file and from looking at the git history for makedumpfile.c, it has used permission "S_IRUSR|S_IWUSR" since 2006 at least. Redhat/Fedora on the other hand use a script kdump-lib-initramfs.sh to create the dmesg file with "journalctl -ab >> $KDUMP_LOG_FILE" and this vulnerability was fixed in that script by adding "chmod 600 $KDUMP_LOG_FILE" dmesg file on Debian has the format dmesg.<timestamp>, for example: $ ls -l /var/crash/202107151351/ total 119404 -rw------- 1 root root 67840 Jul 15 13:53 dmesg.202107151351 -rw-r--r-- 1 root root 122195470 Jul 15 13:52 dump.202107151351 As seen in example above, this file is created with read-write permission for root only. Above crash files were generated on a Debian system using following versions of tools: ii kdump-tools 1:1.6.8.3 amd64 ii makedumpfile 1:1.6.8-4 amd64 ii kexec-tools 1:2.0.22-1 amd64 Does this address the CVE? Thanks, Khalid
