Ticket #2411 (closed security issue: fixed)
[Security Fail] Data like Database login credentials can be compromised
| Reported by: | nuxwin | Owned by: | nuxwin |
|---|---|---|---|
| Priority: | critical | Milestone: | ispCP ω 1.0.6 |
| Component: | Backend (Engine) | Version: | ispCP ω 1.0.5 |
| Severity: | Easy | Keywords: | |
| Cc: | | | |
Description (last modified by nuxwin)
During backup restoration, if the admin has enabled DEBUG mode and a user can read the logfile /var/log/ispcp/ispcp-dmn-mngr.stdout, some data will be compromised, such as database login credentials.
Note that currently, the /var/log/ispcp/ispcp-dmn-mngr.stdout logfile is readable by everyone (0644).
```
DEBUG: push_el() sub_name: dmn_restore_data(), msg: Starting...
DEBUG: push_el() sub_name: sys_command(), msg: Starting...
DEBUG: push_el() sub_name: sys_command('/bin/tar -x -p --bzip2 -C '/var/www/virtual/nuxwin.net' -f '/var/www/virtual/nuxwin.net/backups/nuxwin.net-backup-2010.07.29-192419.tar.bz2''), msg: Ending...
DEBUG: push_el() sub_name: sys_command(), msg: Starting...
DEBUG: push_el() sub_name: sys_command('/bin/chown -R 2015:www-data /var/www/virtual/nuxwin.net'), msg: Ending...
DEBUG: push_el() sub_name: sys_command(), msg: Starting...
DEBUG: push_el() sub_name: sys_command('/bin/chown -R 2015:2015 /var/www/virtual/nuxwin.net/htdocs'), msg: Ending...
DEBUG: push_el() sub_name: sys_command(), msg: Starting...
DEBUG: push_el() sub_name: sys_command('/bin/chown -R 2015:2015 /var/www/virtual/nuxwin.net/cgi-bin'), msg: Ending...
DEBUG: push_el() sub_name: doSQL(), msg: Starting...
DEBUG: push_el() sub_name: doSQL(), msg: Ending...
DEBUG: push_el() sub_name: doSQL(), msg: Starting...
DEBUG: push_el() sub_name: doSQL(), msg: Ending...
DEBUG: push_el() sub_name: decrypt_db_password(), msg: Starting...
DEBUG: push_el() sub_name: decrypt_db_password(), msg: Ending...
DEBUG: push_el() sub_name: sys_command(), msg: Starting...
DEBUG: push_el() sub_name: sys_command('/bin/bzcat -d /var/www/virtual/nuxwin.net/backups/nuxwintesting.sql.bz2 | /usr/bin/mysql --user="nuxwintesting" --password="abcdef23" --database="nuxwintesting"'), msg: Ending...
DEBUG: push_el() sub_name: dmn_restore_data(), msg: Ending...
DEBUG: push_el() sub_name: doSQL(), msg: Starting...
DEBUG: push_el() sub_name: doSQL(), msg: Ending...
DEBUG: push_el() sub_name: dmn_mngr_engine(), msg: Ending...
DEBUG: push_el() sub_name: dmn_mngr_shut_down(), msg: Starting...
DEBUG: push_el() sub_name: dmn_mngr_shut_down(), msg: Ending...
```
Update (20100730)
An identical security hole was discovered today in these scripts:
- engine/backup/ispcp-backup-all
- engine/backup/ispcp-backup-ispcp
The patch against ispCP Omega 1.0.5 was updated.
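The two conditions in this report (a password on a logged command line, and a log file readable by everyone) can be checked and mitigated as in the following added example. It is not ispCP code and not the patch from r3135; the function names, the constructed sample log lines and the choice of mode 0640 are assumptions made for illustration.

```python
import os
import re
import stat

# Constructed sample lines in the format of the log above (placeholder values).
SAMPLE_LOG = [
    "DEBUG: push_el() sub_name: decrypt_db_password(), msg: Ending...",
    "DEBUG: push_el() sub_name: sys_command('/bin/bzcat -d /tmp/example.sql.bz2 | "
    '/usr/bin/mysql --user="exampleuser" --password="EXAMPLE-SECRET" '
    "--database=\"exampledb\"'), msg: Ending...",
]

# --password=VALUE with a double-quoted, single-quoted or bare value.
SECRET_ARG = re.compile(r"""(--password=)("[^"]*"|'[^']*'|[^\s'")]+)""")
MASK = "[REDACTED]"


def redact(text):
    """Mask password argument values before a command string is logged."""
    return SECRET_ARG.sub(r"\1" + MASK, text)


def find_exposed(lines):
    """Return 1-based numbers of log lines carrying an unmasked password."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = SECRET_ARG.search(line)
        if match and match.group(2) != MASK:
            hits.append(number)
    return hits


def world_readable(path):
    """True if 'other' has read permission on path, as with mode 0644."""
    return bool(os.stat(path).st_mode & stat.S_IROTH)


def open_private_log(path):
    """Open a log for appending with owner/group access only.

    Mode 0640 is an assumed choice for this example. fchmod() enforces it
    even when the file already exists or the umask is permissive.
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_APPEND, 0o640)
    os.fchmod(fd, 0o640)
    return os.fdopen(fd, "a")
```

Masking only limits what reaches the log; a password passed as a command-line argument is still visible in the process list while the command runs.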
Change History
comment:3 Changed 19 months ago by nuxwin
Fixed in my working copy. I'll provide a patch against ispCP 1.0.5.
Changed 19 months ago by nuxwin
- attachment 2010072901.patch added
patch against ispCP Omega 1.0.5 (Updated 20100730)
comment:6 Changed 19 months ago by nuxwin
The patch was updated today because the same security hole was discovered in backup scripts.
comment:10 Changed 19 months ago by nuxwin
- Status changed from assigned to closed
- Resolution set to fixed
See r3135
comment:12 Changed 18 months ago by nuxwin
- Summary changed from [SECURITY_FAIL] Data like Database login credentials can be compromised to [Security Fail] Data like Database login credentials can be compromised


