Project

General

Profile

Actions

Bug #14866

closed

It is possible to download policies from any Windows node knowing its id by getting a forged inventory accepted

Added by Alexis Mousset over 5 years ago. Updated over 1 year ago.

Status:
Released
Priority:
N/A
Category:
Security
Target version:
Severity:
Critical - prevents main use of Rudder | no workaround | data loss | security
UX impact:
User visibility:
Operational - other Techniques | Rudder settings | Plugins
Effort required:
Small
Priority:
0
Name check:
To do
Fix check:
Checked
Regression:

Description

There is no consistency check between the node id and the userId in the certificate's subject name when receiving an inventory, so it is possible to provide a certificate with a different node id and get the inventory accepted.

It may also be possible to provide a different certificate in a new inventory after taking control of an existing node (but signed with the previous one), which would be easier to exploit.

Then it is possible to download the targeted Windows node's policies as apache has no way to know the node associated with a certificate except from the content of the certificate itself.

It is not possible with Unix agents as the link between a uuid and a public key is based on ldap content directly.


Subtasks 1 (0 open1 closed)

Bug #15236: New node inventories without certificate aren't accepted anymoreReleasedFrançois ARMANDActions

Related issues 1 (0 open1 closed)

Related to Rudder - User story #6363: Secure agent/server communicationReleased2011-03-28Actions
Actions #1

Updated by Alexis Mousset over 5 years ago

  • Subject changed from It [may be] possible to download policies from any Windowsnode knowing its uuid by getting a forged inventory accepted to It [may be] possible to download policies from any Windows node knowing its id by getting a forged inventory accepted
Actions #2

Updated by Alexis Mousset over 5 years ago

Actions #3

Updated by Alexis Mousset over 5 years ago

  • Subject changed from It [may be] possible to download policies from any Windows node knowing its id by getting a forged inventory accepted to It is possible to download policies from any Windows node knowing its id by getting a forged inventory accepted
  • Description updated (diff)
Actions #4

Updated by Alexis Mousset over 5 years ago

  • User visibility set to Operational - other Techniques | Rudder settings | Plugins
  • Effort required set to Small
  • Priority changed from 0 to 91
Actions #5

Updated by Vincent MEMBRÉ over 5 years ago

  • Target version changed from 5.0.10 to 5.0.11
Actions #6

Updated by Vincent MEMBRÉ over 5 years ago

  • Target version changed from 5.0.11 to 5.0.12
Actions #7

Updated by Vincent MEMBRÉ over 5 years ago

  • Target version changed from 5.0.12 to 5.0.13
  • Priority changed from 91 to 90
Actions #8

Updated by François ARMAND over 5 years ago

  • Status changed from New to In progress
  • Assignee set to François ARMAND
Actions #9

Updated by François ARMAND over 5 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from François ARMAND to Vincent MEMBRÉ
  • Pull Request set to https://github.com/Normation/rudder/pull/2309
Actions #10

Updated by Rudder Quality Assistant over 5 years ago

  • Assignee changed from Vincent MEMBRÉ to François ARMAND
Actions #11

Updated by François ARMAND over 5 years ago

  • Status changed from Pending technical review to Pending release
Actions #12

Updated by Vincent MEMBRÉ over 5 years ago

  • Priority changed from 90 to 88
  • Fix check set to To do
Actions #13

Updated by Vincent MEMBRÉ over 5 years ago

  • Name check set to To do
Actions #14

Updated by François ARMAND over 5 years ago

  • Priority changed from 88 to 87
  • Fix check changed from To do to Checked
Actions #15

Updated by Vincent MEMBRÉ over 5 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 5.0.13 which was released today.

Actions #16

Updated by Alexis Mousset over 4 years ago

  • Category changed from Web - Nodes & inventories to Security
  • Priority changed from 87 to 76
Actions #17

Updated by Alexis Mousset over 1 year ago

  • Private changed from Yes to No
  • Priority changed from 76 to 0
Actions

Also available in: Atom PDF