CVE-2015-4053 – ceph-deploy admin command copies keyring file to /etc/ceph which is world readable

https://notcve.org/view.php?id=CVE-2015-4053

The admin command in ceph-deploy before 1.5.25 uses world-readable permissions for /etc/ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file. El comando de administración en ceph-deploy anterior a 1.5.25 utiliza permisos de lectura universal para /etc/ceph/ceph.client.admin.keyring, lo que permite a usuarios locales obtener información sensible mediante la lectura del fichero. It was discovered that ceph-deploy, a utility for deploying Red Hat Ceph Storage, would create the keyring file with world readable permissions, which could possibly allow a local user to obtain authentication credentials from the keyring file. • http://rhn.redhat.com/errata/RHSA-2015-1092.html http://tracker.ceph.com/issues/11694 http://www.openwall.com/lists/oss-security/2015/04/09/9 http://www.openwall.com/lists/oss-security/2015/05/22/1 http://www.securityfocus.com/bid/74775 https://access.redhat.com/security/cve/CVE-2015-4053 https://bugzilla.redhat.com/show_bug.cgi?id=1224129 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-732: Incorrect Permission Assignment for Critical Resource •