bugzilla.suse.com
195.135.220.27
URL:
https://bugzilla.suse.com/show_bug.cgi?id=1207598
Submission: On February 23 via api from US — Scanned from DE
Name: changeform — POST process_bug.cgi
<form name="changeform" id="changeform" method="post" action="process_bug.cgi">
<div class="bz_alias_short_desc_container edit_form">
<a href="show_bug.cgi?id=1207598"><b>Bug 1207598</b></a> -<span id="summary_alias_container"> (<span id="alias_nonedit_display">CVE-2022-45154</span>) <span id="short_desc_nonedit_display">VUL-0: CVE-2022-45154: supportconfig: does not
remove passwords in /etc/iscsi/iscsid.conf and /etc/target/lio_setup.sh</span>
</span>
</div>
<table class="edit_form">
<tbody>
<tr>
<td id="bz_show_bug_column_1" class="bz_show_bug_column">
<table>
<tbody>
<tr>
<th class="field_label">
<a href="page.cgi?id=status_resolution_matrix.html">Status</a>:
</th>
<td id="bz_field_status">
<span id="static_bug_status">IN_PROGRESS </span>
</td>
</tr>
<tr>
<td colspan="2" class="bz_section_spacer"></td>
</tr>
<tr>
<th class="field_label " id="field_label_classification">
<a title="Bugs are categorised into Classifications, Products and Components. classifications is the top-level categorisation." class="field_help_link" href="page.cgi?id=glossary.html#classification">Classification:</a>
</th>
<td class="field_value " id="field_container_classification">Novell Products</td>
</tr>
<tr>
<th class="field_label " id="field_label_product">
<a title="Bugs are categorised into Products and Components. Select a Classification to narrow down this list." class="field_help_link" href="describecomponents.cgi">Product:</a>
</th>
<td class="field_value " id="field_container_product">SUSE Security Incidents</td>
</tr>
<tr>
<th class="field_label " id="field_label_component">
<a title="Components are second-level categories; each belongs to a particular Product. Select a Product to narrow down this list." class="field_help_link" href="describecomponents.cgi?product=SUSE Security Incidents">Component:</a>
</th>
<td class="field_value " id="field_container_component">Incidents</td>
</tr>
<tr>
<th class="field_label " id="field_label_version">
<label for="version">
<a title="The version field defines the version of the software the bug was found in." class="field_help_link" href="page.cgi?id=glossary.html#version">Version:</a>
</label>
</th>
<td>unspecified </td>
</tr>
<tr>
<th class="field_label " id="field_label_rep_platform">
<label for="rep_platform" accesskey="h">
<a title="The hardware platform the bug was observed on. Note: When searching, selecting the option "All" only finds bugs whose value for this field is literally the word "All"." class="field_help_link" href="page.cgi?id=glossary.html#rep_platform">Hardware:</a>
</label>
</th>
<td class="field_value">x86-64 SLES 15 </td>
</tr>
<tr>
<td colspan="2" class="bz_section_spacer"></td>
</tr>
<tr>
<th class="field_label">
<label for="priority">
<a href="page.cgi?id=glossary.html#priority">Priority</a></label>:
</th>
<td>P3 - Medium <label for="severity">
<b>Severity</b></label>: Normal </td>
</tr>
<tr>
<th class="field_label">
<label for="target_milestone">
<a href="page.cgi?id=glossary.html#target_milestone">
Target Milestone</a></label>:
</th>
<td>--- </td>
</tr>
<tr>
<th class="field_label">
<a href="page.cgi?id=glossary.html#assigned_to">Assigned To</a>:
</th>
<td><span class="vcard"><span class="fn">Jason Record</span>
</span>
</td>
</tr>
<tr>
<th class="field_label " id="field_label_qa_contact">
<label for="qa_contact" accesskey="q">
<a title="The person responsible for confirming this bug if it is unconfirmed, and for verifying the fix once the bug has been resolved." class="field_help_link" href="page.cgi?id=glossary.html#qa_contact">QA Contact:</a>
</label>
</th>
<td><span class="vcard"><span class="fn">Security Team bot</span>
</span>
</td>
</tr>
<tr>
<td colspan="2" class="bz_section_spacer"></td>
</tr>
<tr>
<th class="field_label " id="field_label_bug_file_loc">
<label for="bug_file_loc" accesskey="u">
<a title="Bugs can have a URL associated with them - for example, a pointer to a web site where the problem is seen." class="field_help_link" href="page.cgi?id=glossary.html#bug_file_loc">URL:</a>
</label>
</th>
<td>
<span id="bz_url_input_area">
<a href="https://smash.suse.de/issue/355072/">https://smash.suse.de/issue/355072/</a>
</span>
</td>
</tr>
<tr>
<th class="field_label " id="field_label_status_whiteboard">
<label for="status_whiteboard" accesskey="w">
<a title="Each bug has a free-form single line text entry box for adding tags and status information." class="field_help_link" href="page.cgi?id=glossary.html#status_whiteboard">Whiteboard:</a>
</label>
</th>
<td colspan="2">
<span title="CVSSv3.1:SUSE:CVE-2022-45154:4.3:(AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)">CVSSv3.1:SUSE:CVE-2022-45154:4.3:(AV:... </span>
</td>
</tr>
<tr>
<th class="field_label">
<label for="keywords" accesskey="k">
<a href="describekeywords.cgi"><u>K</u>eywords</a></label>:
</th>
<td class="field_value" colspan="2">
</td>
</tr>
<tr>
<td colspan="2" class="bz_section_spacer"></td>
</tr>
<tr>
<th class="field_label " id="field_label_dependson">
<a title="The bugs listed here must be resolved before this bug can be resolved." class="field_help_link" href="page.cgi?id=glossary.html#dependson">Depends on:</a>
</th>
<td>
<span id="dependson_input_area">
</span>
<a class="bz_bug_link
bz_status_IN_PROGRESS " title="IN_PROGRESS" href="show_bug.cgi?id=1206350">1206350</a> <a class="bz_bug_link
bz_status_IN_PROGRESS " title="IN_PROGRESS" href="show_bug.cgi?id=1206402">1206402</a>
</td>
</tr>
<tr>
<th class="field_label " id="field_label_blocked">
<a title="This bug must be resolved before the bugs listed in this field can be resolved." class="field_help_link" href="page.cgi?id=glossary.html#blocked">Blocks:</a>
</th>
<td>
<span id="blocked_input_area">
</span>
</td>
</tr>
<tr>
<th> </th>
<td colspan="2" align="left" id="show_dependency_tree_or_graph"> Show dependency <a href="showdependencytree.cgi?id=1207598&hide_resolved=1">tree</a> / <a href="showdependencygraph.cgi?id=1207598">graph</a>
</td>
</tr>
</tbody>
</table>
</td>
<td>
<div class="bz_column_spacer"> </div>
</td>
<td id="bz_show_bug_column_2" class="bz_show_bug_column">
<table cellpadding="3" cellspacing="1">
<tbody>
<tr>
<th class="field_label"> Reported: </th>
<td>2023-01-26 16:42 UTC by <span class="vcard"><span class="fn">Marcus Meissner</span>
</span>
</td>
</tr>
<tr>
<th class="field_label"> Modified: </th>
<td>2023-02-16 14:00 UTC (<a href="show_activity.cgi?id=1207598">History</a>) </td>
</tr>
<tr>
<th class="field_label">
<label for="newcc" accesskey="a">CC List:</label>
</th>
<td>4 users <span id="cc_edit_area_showhide_container"> (<a href="#" id="cc_edit_area_showhide">show</a>) </span>
<div id="cc_edit_area" class="bz_default_hidden">
<br>
<select id="cc" multiple="multiple" size="5">
<option value="jason.record">jason.record</option>
<option value="moussa.sagna">moussa.sagna</option>
<option value="security-team">security-team</option>
<option value="stoyan.manolov">stoyan.manolov</option>
</select>
</div>
</td>
</tr>
<tr>
<td colspan="2" class="bz_section_spacer"></td>
</tr>
<tr>
<th class="field_label " id="field_label_see_also">
<a title="This allows you to refer to bugs in other installations. You can enter a URL to a bug in the 'Add Bug URLs' field to note that that bug is related to this one. You can enter multiple URLs at once by separating them with a comma. You should normally use this field to refer to bugs in other installations. For bugs in this installation, it is better to use the Depends on and Blocks fields." class="field_help_link" href="page.cgi?id=glossary.html#see_also">See Also:</a>
</th>
<td class="field_value " id="field_container_see_also"></td>
</tr>
<tr>
<th class="field_label " id="field_label_cf_foundby">
<a title="A custom Drop Down field in this installation of Bugzilla." class="field_help_link" href="page.cgi?id=glossary.html#cf_foundby">Found By:</a>
</th>
<td class="field_value " id="field_container_cf_foundby" colspan="2">Customer</td>
</tr>
<tr>
<th class="field_label " id="field_label_cf_nts_priority">
<a title="A custom Free Text field in this installation of Bugzilla." class="field_help_link" href="page.cgi?id=glossary.html#cf_nts_priority">Services Priority:</a>
</th>
<td class="field_value " id="field_container_cf_nts_priority" colspan="2"></td>
</tr>
<tr>
<th class="field_label " id="field_label_cf_biz_priority">
<a title="A custom Free Text field in this installation of Bugzilla." class="field_help_link" href="page.cgi?id=glossary.html#cf_biz_priority">Business Priority:</a>
</th>
<td class="field_value " id="field_container_cf_biz_priority" colspan="2"></td>
</tr>
<tr>
<th class="field_label " id="field_label_cf_blocker">
<a title="A custom Drop Down field in this installation of Bugzilla." class="field_help_link" href="page.cgi?id=glossary.html#cf_blocker">Blocker:</a>
</th>
<td class="field_value " id="field_container_cf_blocker" colspan="2">---</td>
</tr>
<tr>
<th class="field_label bz_hidden_field" id="field_label_cf_marketing_qa_status">
<a title="A custom Drop Down field in this installation of Bugzilla." class="field_help_link" href="page.cgi?id=glossary.html#cf_marketing_qa_status">Marketing QA Status:</a>
</th>
<td class="field_value bz_hidden_field" id="field_container_cf_marketing_qa_status" colspan="2">---</td>
</tr>
<tr>
<th class="field_label bz_hidden_field" id="field_label_cf_it_deployment">
<a title="A custom Drop Down field in this installation of Bugzilla." class="field_help_link" href="page.cgi?id=glossary.html#cf_it_deployment">IT Deployment:</a>
</th>
<td class="field_value bz_hidden_field" id="field_container_cf_it_deployment" colspan="2">---</td>
</tr>
<tr>
<td colspan="2" class="bz_section_spacer"></td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td colspan="3">
<hr id="bz_top_half_spacer">
</td>
</tr>
</tbody>
</table>
<table id="bz_big_form_parts" cellspacing="0" cellpadding="0">
<tbody>
<tr>
<td>
</td>
<td>
</td>
</tr>
</tbody>
</table>
<div id="comments">
<table class="bz_comment_table" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td>
<div id="c0" class="bz_comment bz_first_comment">
<div class="bz_first_comment_head">
<span class="bz_comment_number">
<a href="show_bug.cgi?id=1207598#c0">Description</a>
</span>
<span class="bz_comment_user">
<span class="vcard"><span class="fn">Marcus Meissner</span>
</span>
</span>
<span class="bz_comment_time"> 2023-01-26 16:42:11 UTC </span>
</div>
<pre class="bz_comment_text">+++ This bug was initially created as a clone of <a class="bz_bug_link
bz_status_IN_PROGRESS " title="IN_PROGRESS" href="show_bug.cgi?id=1206402">Bug #1206402</a> +++
Problem details:
Supportconfig writes the content of /etc/iscsi/iscsid.conf to etc.txt.
Some passwords are written in iscsid.conf, so supportconfig is supposed to replace the passwords with another string.
However, supportconfig does not replace the following 2 passwords,
node.session.auth.password_in = <password>
discovery.sendtargets.auth.password_in = <password>
though it replaces the following 2 passwords.
node.session.auth.password = *REMOVED BY SUPPORTCONFIG*
discovery.sendtargets.auth.password = *REMOVED BY SUPPORTCONFIG*
Please fix the supportutils package to replace the passwords specified by "***.password_in = ".
The supportutils package for SLES 12 code streams and for LTSS versions of SLES 15 also has the same problem.
So please fix it for them as well.
Version-Release number of selected component:
SLES version (incl. Service Pack): SLES15SP4
Architecture: x86_64
Kernel Version (uname -r): 5.14.21-150400.24.21-default
Related Package and Version: supportutils-3.1.21-150300.7.35.15.1
Related Middleware/Application (incl. version):
Architecture/Hardware dependency:
None
Reproducibility:
Always
Step to Reproduce:
1. Uncomment the following 2 lines in /etc/iscsi/iscsid.conf.
node.session.auth.password_in = password_in
discovery.sendtargets.auth.password_in = password_in
2. Run the command, "supportconfig".
Actual Results:
Supportconfig does not replace the passwords specified by "***.password_in = ".
Expected Results:
Supportconfig replaces the passwords specified by "***.password_in = " with the string, *REMOVED BY SUPPORTCONFIG*, as follows.
node.session.auth.password_in = *REMOVED BY SUPPORTCONFIG*
discovery.sendtargets.auth.password_in = *REMOVED BY SUPPORTCONFIG*
Summary of actions taken to resolve issue:
Users manually remove these passwords from etc.txt after running supportconfig.
Location of diagnostic data:
None
Business Impact:
Customers may hesitate to provide a supportconfig archive because they are concerned about leakage of confidential information.
This prevents providing smooth support services.
Additional Info:
This bug is related to <a href="http://bugzilla.suse.com/show_bug.cgi?id=1203818">bsc#1203818</a>.
The following patch can fix this bug.
diff --git a/bin/supportconfig.rc b/bin/supportconfig.rc
index a365479..ece3e62 100644
--- a/bin/supportconfig.rc
+++ b/bin/supportconfig.rc
@@ -475,6 +475,7 @@ _sanitize_file() {
sed -i -e "s!\(<user_password>\).*\(</user_password>\)!\1$REPLACED\2!g;s/\(^ProxyUser[[:space:]]*=\).*/\1 $REPLACED/g" $CLEAN_FILE
sed -i -e "s/\(^credentials[[:space:]]*=\).*/\1 $REPLACED/g;s/\(secret[[:space:]]*=\).*/\1 $REPLACED/g" $CLEAN_FILE
sed -i -e "s/\(.*password.*}[[:space:]]*=\).*/\1 $REPLACED/g" $CLEAN_FILE
+ sed -i -e "s/\(.*password_in[[:space:]]*=\).*/\1 $REPLACED/g" $CLEAN_FILE
}</pre>
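Review bot: the added sed rule covers only the `key = value` form found in /etc/iscsi/iscsid.conf; the `echo -n <password> > /sys/kernel/config/target/iscsi/discovery_auth/password` and `.../password_mutual` lines from /etc/target/lio_setup.sh (comment 1) contain no `password_in =` token and still reach fs-iscsi.txt unchanged, so this hunk needs a companion rule for that redirect form before the bug can be closed. Also note that `\(.*password_in[[:space:]]*=\)` is unanchored, so it rewrites the commented-out template lines (`#node.session.auth.password_in = ...`) and any other key ending in `password_in`; that over-matching is harmless for a sanitizer and consistent with the neighbouring `secret[[:space:]]*=` rule, but a short comment above the line saying so would save the next reader from wondering. Leaving `$CLEAN_FILE` unquoted matches the surrounding three lines, so no change is requested there.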
</div>
<div id="c1" class="bz_comment">
<div class="bz_comment_head">
<span class="bz_comment_number">
<a href="show_bug.cgi?id=1207598#c1">Comment 1</a>
</span>
<span class="bz_comment_user">
<span class="vcard"><span class="fn">Marcus Meissner</span>
</span>
</span>
<span class="bz_comment_time"> 2023-01-26 16:45:21 UTC </span>
</div>
<pre class="bz_comment_text">Problem details:
Supportconfig writes the content of /etc/target/lio_setup.sh to fs-iscsi.txt.
In lio_setup.sh, some passwords are written as follows.
echo -n <password> > /sys/kernel/config/target/iscsi/discovery_auth/password_mutual
echo -n <password> > /sys/kernel/config/target/iscsi/discovery_auth/password
Supportconfig is supposed to replace the passwords with another string,
but supportconfig does not replace the above passwords.
Please fix the supportutils package to replace the above passwords.
Version-Release number of selected component:
SLES version (incl. Service Pack): SLES12SP5
Architecture: x86_64
Kernel Version (uname -r): 4.12.14-122.139-default
Related Package and Version: supportutils-3.0.10-95.51.1
Related Middleware/Application (incl. version):
Architecture/Hardware dependency:
None
Reproducibility:
Always
Step to Reproduce:
1. Run "yast iscsi-lio-server".
2. Go to "Global" tab and set up authentication information.
3. Select "Finish".
4. Run "supportconfig".
Actual Results:
Supportconfig does not replace the passwords written in /etc/target/lio_setup.sh.
Expected Results:
Supportconfig replaces the passwords in /etc/target/lio_setup.sh with the string, *REMOVED BY SUPPORTCONFIG*, as follows.
echo -n *REMOVED BY SUPPORTCONFIG* > /sys/kernel/config/target/iscsi/discovery_auth/password_mutual
echo -n *REMOVED BY SUPPORTCONFIG* > /sys/kernel/config/target/iscsi/discovery_auth/password
Summary of actions taken to resolve issue:
Users manually remove these passwords from fs-iscsi.txt after running supportconfig.
Location of diagnostic data:
None
Business Impact:
Customers may hesitate to provide a supportconfig archive because they are concerned about leakage of confidential information.
This prevents providing smooth support services.
Additional Info:
This bug is related to <a href="http://bugzilla.suse.com/show_bug.cgi?id=1203818">bsc#1203818</a>.</pre>
</div>
<div id="c2" class="bz_comment">
<div class="bz_comment_head">
<span class="bz_comment_number">
<a href="show_bug.cgi?id=1207598#c2">Comment 2</a>
</span>
<span class="bz_comment_user">
<span class="vcard"><span class="fn">Marcus Meissner</span>
</span>
</span>
<span class="bz_comment_time"> 2023-01-26 16:48:11 UTC </span>
</div>
<pre class="bz_comment_text">I allocated a single CVE, CVE-2022-45154, for both issues.</pre>
</div>
</td>
<td>
</td>
</tr>
</tbody>
</table>
</div>
</form>