iDEFENSE Security Advisory 08.08.2002 - Linux-iSCSI, an implementation of the iSCSI protocol, uses a config file that is world writable by default.
eadb00d67bce05eb26517a6aaeb26e36052d4a3bad13947038d571f9b0e8edb9
iDEFENSE Security Advisory 08.08.2002
iSCSI Default Configuration File Settings
DESCRIPTION
iSCSI is a popular new protocol that allows the SCSI protocol
to be used over traditional IP networks. This allows for SAN
like storage arrays without requiring new network
infrastructure. iSCSIs primary authentication mechanism for
users is the CHAP protocol (Challenge Handshake Authentication
Protocol), which is very resilient against replay attacks and
provides strong protection for the users password. The CHAP
protocol requires the users password to connect, and in order
to automate this process the user must provide the cleartext
password to the system that is then stored, typically in
cleartext, so that it will be accessible when needed. Care
must be taken to ensure configuration files containing the
cleartext password are properly protected. For more
information on the CHAP protocol please see RFC 1994.
The primary iSCSI implementation for Linux, Linux-iSCSI is a
freely available software package primarily maintained by
Cisco Systems. This package stores it primary configuration
directives in the file:
/etc/iscsi.conf
This file is created world writeable by default and no mention
is made in the file of the importance of protecting it from
being read by attackers. At least one vendor has shipped this
file world readable in the default configuration of a beta
release of an operating system, when notified they stated it
would be fixed in the release version of the operating system.
ANALYSIS
Any authentication systems that require cleartext passwords to
be stored should be carefully audited to ensure that passwords
are properly protected. This problem can also potentially
affect numerous packages, ranging from NTP and BIND to iSCSI
all of which require stored passwords or secrets.
DETECTION
Check the permissions on the file:
/etc/iscsi.conf
The file should be owned by the user and group root, and only
the root user should be granted read and write access to the
file, all other permissions should be removed (i.e. file
permissions should be 0400)
VENDOR RESPONSE
Red Hat has confirmed that the file /etc/iscsi.conf was set
world readable in the Limbo Beta, and that it will be fixed in
the next release version of Red Hat Linux. SuSE has confirmed
that the file permissions are set correctly on
/etc/iscsi.conf. No other major Linux vendors appear to be
shipping the iSCSI package yet.
DISCOVERY CREDIT
Kurt Seifried (kurt@seifried.org)
DISCLOSURE TIMELINE
July 11, 2002: Problem found on Red Hat Linux Limbo Beta #1
Initial contacts sent to Red Hat, SuSE and Cisco
July 12, 2002: SuSE confirms file mode 600 by default, not
vulnerable
Email sent to Matthew Franz at Cisco, additional Cisco
employees also contacted, iSCSI for Linux is an external
project at Cisco, PSIRT was not used, no response ever
received.
July 17, 2002: iDEFENSE client disclosure
July 29, 20022: Problem confirmed in Red Hat Limbo Beta #2,
Red Hat contacted again, no response received.
August 6, 2002: No update of Linux iSCSI, nor mention of
problem on website.
August 8, 2002: Public Advisory
http://www.idefense.com/contributor.html
David Endler, CISSP
Director, Technical Intelligence
iDEFENSE, Inc.
14151 Newbrook Drive
Suite 100
Chantilly, VA 20151
voice: 703-344-2632
fax: 703-961-1071
dendler@idefense.com
www.idefense.com