
Security Update for CVE-2015-5699 (Configuring sudo Access to Several cl-* Commands Results in Local Privilege Escalation Vulnerability)


This release note documents the security fix for:

If a switch's /etc/sudoers configuration is modified to allow a non-root user account to run cl-rctl, cl-bgp, cl-ospf, cl-ospf6 or cl-ra as root, that user can place shell metacharacters in the command's arguments and thereby run arbitrary commands as root.
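The bug class described above, as an added illustration (this is not code from Cumulus Linux or the python-clcmd package): a sudo-exposed wrapper that splices its arguments into a shell command string lets ';' and other metacharacters start a second command with the wrapper's root privileges, while passing an argv list with no shell does not. The privileged command is stood in for by echo so the script is safe to run, the attacker input is constructed, and the allowlist pattern in validate_arg is an assumption for this example.

```python
"""Shell-metacharacter injection through a privileged command wrapper.

Added example; the function names, the echo stand-in and the argument
allowlist are assumptions made here, not the switch's real wrapper code.
"""
import re
import subprocess


def run_unsafe(user_arg: str) -> str:
    # Vulnerable pattern: user-controlled text is concatenated into a command
    # string and handed to /bin/sh. When the wrapper runs as root via sudo,
    # everything after ';' (or '&&', '|', backticks, ...) runs as root too.
    cmd = "echo " + user_arg
    return subprocess.run(cmd, shell=True, capture_output=True,
                          text=True, check=False).stdout


def run_safe(user_arg: str) -> str:
    # Hardened pattern: an argv list and no shell, so the argument reaches
    # the program verbatim and metacharacters are just ordinary bytes.
    return subprocess.run(["echo", user_arg], capture_output=True,
                          text=True, check=False).stdout


# Allowlist of characters an argument may contain (assumed for this example).
_SAFE_ARG = re.compile(r"^[A-Za-z0-9 ._:/-]+$")


def validate_arg(user_arg: str) -> str:
    # Defence in depth for a wrapper that must stay sudo-exposed: refuse any
    # argument outside the allowlist before it gets near a process spawn.
    if not _SAFE_ARG.match(user_arg):
        raise ValueError(f"refusing argument with unexpected characters: {user_arg!r}")
    return user_arg


# Constructed attacker input: a plausible argument followed by a second command.
INJECTED_ARG = "show neighbors; echo INJECTED-AS-ROOT"

if __name__ == "__main__":
    print("unsafe:", repr(run_unsafe(INJECTED_ARG)))   # second command executed
    print("safe:  ", repr(run_safe(INJECTED_ARG)))     # whole string echoed as one argument
    try:
        validate_arg(INJECTED_ARG)
    except ValueError as exc:
        print("rejected:", exc)
```

The argv-list form is the fix that matters; the allowlist is a second layer for wrappers that cannot avoid a shell (for example when they must expand globs), and it should be as narrow as the command's real argument grammar allows.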

If non-root users are not explicitly configured to have sudo access to those commands, the configuration is not vulnerable.

By default, /etc/sudoers in Cumulus Linux and Cumulus RMP does not expose the vulnerability. If /etc/sudoers is modified as described above, the vulnerability affects all Cumulus Linux and Cumulus RMP releases up to and including version 2.5.3.
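To check whether a switch's sudoers configuration meets the exposure condition above, the following added example (not a Cumulus Networks tool) scans sudoers text for rules that grant a non-root user any of the five commands named in this advisory. The sample sudoers content is constructed for illustration. It resolves Cmnd_Alias definitions but not User_Alias, Runas_Alias, #include or #includedir, so confirm the result on the switch with `sudo -l -U <user>`.

```python
"""Flag sudoers rules that expose cl-rctl, cl-bgp, cl-ospf, cl-ospf6 or cl-ra
to a non-root user. Added example, not part of Cumulus Linux; the sample file
below is constructed and the parser only handles plain user specifications
and Cmnd_Alias lines (assumption: no User_Alias, Runas_Alias or #include).
"""
import os
import re

AFFECTED = {"cl-rctl", "cl-bgp", "cl-ospf", "cl-ospf6", "cl-ra"}


def _logical_lines(text):
    # Join backslash-newline continuations, then drop comments and blank lines.
    # '#include' and '#includedir' lines are dropped with the comments, so
    # included files are not examined here.
    for raw in re.sub(r"\\\n", " ", text).splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            yield line


def _split_commands(spec):
    # spec is the text right of '=': an optional (runas) group, optional tags
    # such as NOPASSWD:, then a comma-separated command list.
    spec = re.sub(r"\([^)]*\)", "", spec)
    spec = re.sub(r"\b[A-Z_]+:\s*", "", spec)
    return [c.strip() for c in spec.split(",") if c.strip()]


def audit_sudoers(text):
    """Return (user, command) pairs where a non-root user may run an affected cl-* command."""
    aliases = {}
    findings = []
    for line in _logical_lines(text):
        if line.startswith("Defaults") or "=" not in line:
            continue
        left, right = line.split("=", 1)
        head = left.split()
        if head[0] == "Cmnd_Alias":
            aliases[head[1]] = _split_commands(right)
            continue
        if head[0] in ("User_Alias", "Host_Alias", "Runas_Alias"):
            continue  # not resolved by this example
        user = head[0]
        if user == "root":
            continue
        for entry in _split_commands(right):
            for cmd in aliases.get(entry, [entry]):
                if cmd.startswith("!"):
                    continue  # negated entry, nothing is granted
                prog = os.path.basename(cmd.split()[0])
                if prog in AFFECTED:
                    findings.append((user, cmd))
    return findings


# Constructed sample for this example, not a real switch configuration.
SAMPLE_SUDOERS = """\
# constructed sample sudoers
Defaults env_reset
Cmnd_Alias ROUTING = /usr/bin/cl-bgp, /usr/bin/cl-ospf
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
netops  ALL=(root) NOPASSWD: /usr/bin/cl-bgp, \\
                             /usr/bin/cl-ospf6 -v
monitor ALL=(root) /usr/bin/cl-rctl, /usr/bin/uptime
auditor ALL=(root) ROUTING
"""

if __name__ == "__main__":
    for user, cmd in audit_sudoers(SAMPLE_SUDOERS):
        print(f"exposed: {user} may run {cmd} as root")
```

A rule such as `%sudo ALL=(ALL:ALL) ALL` is deliberately not reported: it already grants full root and is outside the scope of this advisory, which concerns configurations that were meant to grant only the cl-* commands.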

To apply the security patch:

  1. Update the package lists on your Cumulus Linux or Cumulus RMP switch:
    cumulus@switch:~$ sudo apt-get update
  2. Install the patched python-clcmd package:
    cumulus@switch:~$ sudo apt-get install python-clcmd
  3. Restart the clcmd_server service so the fix takes effect:
    cumulus@switch:~$ sudo service clcmd_server restart
  4. Verify that the patched version of the package is installed:
    cumulus@switch:~$ dpkg -l | grep python-clcmd
    ii python-clcmd 0.01-cl2.5+3 all Cumulus linux command line

For details on the Cumulus Networks policy regarding security vulnerabilities, see this article.

Acknowledgements

Cumulus Networks would like to thank Gregory Pickett of Hellfire Security for reporting this vulnerability.
