In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable (writable) property.
References: https://nvd.nist.gov/vuln/detail/CVE-2021-44225 https://github.com/acassen/keepalived/pull/2063 Signed-off-by: Jonas Gorski <jonas.gor...@bisdn.de> --- Since both kirkstone and mickledore use 2.2.2, and their recipes are identical, the patch applies to both. Only build and runtested on kirkstone though. .../keepalived/CVE-2021-44225.patch | 44 +++++++++++++++++++ .../keepalived/keepalived_2.2.2.bb | 3 ++ 2 files changed, 47 insertions(+) create mode 100644 meta-networking/recipes-daemons/keepalived/keepalived/CVE-2021-44225.patch diff --git a/meta-networking/recipes-daemons/keepalived/keepalived/CVE-2021-44225.patch b/meta-networking/recipes-daemons/keepalived/keepalived/CVE-2021-44225.patch new file mode 100644 index 000000000000..ae387ac5faf4 --- /dev/null +++ b/meta-networking/recipes-daemons/keepalived/keepalived/CVE-2021-44225.patch 
@@ -0,0 +1,44 @@ +From 7977fec0be89ae6fe87405b3f8da2f0b5e415e3d Mon Sep 17 00:00:00 2001 +From: Vincent Bernat <vinc...@bernat.ch> +Date: Tue, 23 Nov 2021 06:50:59 +0100 +Subject: [PATCH] dbus: fix policy to not be overly broad + +The DBus policy did not restrict the message destination, allowing any +user to inspect and manipulate any property. + +Signed-off-by: Vincent Bernat <vinc...@bernat.ch> + +CVE: CVE-2021-44225 + +Upstream-Status: Backport [https://github.com/acassen/keepalived/commit/7977fec0be89ae6fe87405b3f8da2f0b5e415e3d] + +Signed-off-by: Jonas Gorski <jonas.gor...@bisdn.de> +--- + keepalived/dbus/org.keepalived.Vrrp1.conf | 13 ++++++++----- + 1 file changed, 8 insertions(+), 5 deletions(-) + +diff --git a/keepalived/dbus/org.keepalived.Vrrp1.conf b/keepalived/dbus/org.keepalived.Vrrp1.conf +index 2b78a575c..b5ced6085 100644 +--- a/keepalived/dbus/org.keepalived.Vrrp1.conf ++++ b/keepalived/dbus/org.keepalived.Vrrp1.conf +@@ -3,12 +3,15 @@ + "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"> + <busconfig> + <policy user="root"> +- <allow own="org.keepalived.Vrrp1"/> +- <allow send_destination="org.keepalived.Vrrp1"/> ++ <allow own="org.keepalived.Vrrp1" /> ++ <allow send_destination="org.keepalived.Vrrp1" /> + </policy> + <policy context="default"> +- <allow send_interface="org.freedesktop.DBus.Introspectable" /> +- <allow send_interface="org.freedesktop.DBus.Peer" /> +- <allow send_interface="org.freedesktop.DBus.Properties" /> ++ <allow send_destination="org.keepalived.Vrrp1" ++ send_interface="org.freedesktop.DBus.Introspectable" /> ++ <allow send_destination="org.keepalived.Vrrp1" ++ send_interface="org.freedesktop.DBus.Peer" /> ++ <allow send_destination="org.keepalived.Vrrp1" ++ send_interface="org.freedesktop.DBus.Properties" /> + </policy> + </busconfig> diff --git a/meta-networking/recipes-daemons/keepalived/keepalived_2.2.2.bb b/meta-networking/recipes-daemons/keepalived/keepalived_2.2.2.bb index 204d2fd1163c..dcfbf5f46bdc 100644 
--- a/meta-networking/recipes-daemons/keepalived/keepalived_2.2.2.bb +++ b/meta-networking/recipes-daemons/keepalived/keepalived_2.2.2.bb @@ -10,8 +10,11 @@ HOMEPAGE = "http://www.keepalived.org/" LICENSE = "GPL-2.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" +PR = "r1" + SRC_URI = "http://www.keepalived.org/software/${BP}.tar.gz \ file://0001-layer4-Change-order-of-include-files.patch \ + file://CVE-2021-44225.patch \ " SRC_URI[sha256sum] = "103692bd5345a4ed9f4581632ea636214fdf53e45682e200aab122c4fa674ece" UPSTREAM_CHECK_URI = "https://github.com/acassen/keepalived/releases" -- 2.42.0 -- BISDN GmbH Körnerstraße 7-10 10785 Berlin Germany Phone: +49-30-6108-1-6100 Managing Directors: Dr.-Ing. Hagen Woesner, Andreas Köpsel Commercial register: Amtsgericht Berlin-Charlottenburg HRB 141569 B VAT ID No: DE283257294
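Review bot: In the org.keepalived.Vrrp1.conf hunk, the three default-context rules still grant the whole org.freedesktop.DBus.Properties interface to every connection, now scoped to send_destination="org.keepalived.Vrrp1", so any local user keeps the right to call Properties.Set on keepalived's own objects; if any property keepalived exports is meant to be read-only for unprivileged callers, the rule should additionally carry send_member, e.g. `<allow send_destination="org.keepalived.Vrrp1" send_interface="org.freedesktop.DBus.Properties" send_member="Get" />` (and one for GetAll), or the Properties rule should move under the `<policy user="root">` block. Adding send_destination is the correct fix for the cross-service bypass described in the commit message, since a send_interface rule with no destination matches messages to every bus name. The `/>` to ` />` whitespace-only edits to the two root-policy lines are cosmetic noise in a backport; they can be dropped to keep the patch minimal, although carrying the upstream commit verbatim is also defensible.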
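Review bot: The `+PR = "r1"` line in the keepalived_2.2.2.bb hunk is unnecessary: adding `file://CVE-2021-44225.patch` to SRC_URI already changes the task signatures, so the package is rebuilt and repackaged without a manual PR bump, and meta-openembedded relies on the PR service rather than hand-maintained PR values. Suggest dropping the PR change and keeping only the SRC_URI addition. The patch header itself carries the `CVE:` and `Upstream-Status: Backport [...]` tags the layer expects, so nothing else is needed in the recipe.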
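The defect the patch fixes is a policy shape, not a code bug: in a dbus-daemon busconfig file, an `<allow send_interface="...">` rule inside `<policy context="default">` that names no `send_destination` matches messages addressed to every bus name, so the old keepalived policy let any local user call org.freedesktop.DBus.Properties methods, including Set, on any system service. The following lint, added here as an example and not part of keepalived or the meta-openembedded layer, detects that shape in any busconfig file. It embeds constructed copies of the before and after policy from the hunk above (DOCTYPE omitted so the samples parse offline); the function and file names are my own.

```python
"""Lint a D-Bus busconfig policy for send rules that are not bound to a destination.

Added example for this thread, not keepalived's or meta-openembedded's own code.
VULNERABLE_POLICY and FIXED_POLICY are constructed copies of the before/after
state of keepalived/dbus/org.keepalived.Vrrp1.conf from the patch above, with
the DOCTYPE dropped so they parse offline; the check is generic to any busconfig.
"""
from __future__ import annotations

import sys
import xml.etree.ElementTree as ET

# Attributes that tie a send rule to a particular bus name.  dbus-daemon matches
# an <allow send_interface=...> rule carrying neither of these against messages
# to *every* destination, which is the shape CVE-2021-44225 removed.
DESTINATION_ATTRS = ("send_destination", "send_destination_prefix")

# Policy contexts that apply to every connection rather than one user or group.
BROAD_CONTEXTS = ("default", "mandatory")

VULNERABLE_POLICY = """\
<busconfig>
  <policy user="root">
    <allow own="org.keepalived.Vrrp1"/>
    <allow send_destination="org.keepalived.Vrrp1"/>
  </policy>
  <policy context="default">
    <allow send_interface="org.freedesktop.DBus.Introspectable" />
    <allow send_interface="org.freedesktop.DBus.Peer" />
    <allow send_interface="org.freedesktop.DBus.Properties" />
  </policy>
</busconfig>
"""

FIXED_POLICY = """\
<busconfig>
  <policy user="root">
    <allow own="org.keepalived.Vrrp1" />
    <allow send_destination="org.keepalived.Vrrp1" />
  </policy>
  <policy context="default">
    <allow send_destination="org.keepalived.Vrrp1"
           send_interface="org.freedesktop.DBus.Introspectable" />
    <allow send_destination="org.keepalived.Vrrp1"
           send_interface="org.freedesktop.DBus.Peer" />
    <allow send_destination="org.keepalived.Vrrp1"
           send_interface="org.freedesktop.DBus.Properties" />
  </policy>
</busconfig>
"""


def unscoped_send_rules(policy_xml: str) -> list[dict[str, str]]:
    """Return every <allow> under a default/mandatory <policy> that grants a send
    right (send_interface, send_member, send_path, send_type, ...) without naming
    a destination.  Each hit is the rule's attribute dict, in document order."""
    root = ET.fromstring(policy_xml)
    hits: list[dict[str, str]] = []
    for policy in root.findall("policy"):
        if policy.get("context") not in BROAD_CONTEXTS:
            continue  # user="..." / group="..." policies are scoped to a principal
        for rule in policy.findall("allow"):
            attrs = dict(rule.attrib)
            grants_send = any(k.startswith("send_") for k in attrs)
            if grants_send and not any(k in attrs for k in DESTINATION_ATTRS):
                hits.append(attrs)
    return hits


def audit_file(path: str) -> list[dict[str, str]]:
    """Run the same check over a policy file on disk, e.g. /usr/share/dbus-1/system.d/*.conf."""
    with open(path, encoding="utf-8") as fh:
        return unscoped_send_rules(fh.read())


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for conf in sys.argv[1:]:
            for rule in audit_file(conf):
                print(f"{conf}: unscoped allow {rule}")
    else:
        # No files given: demonstrate on the embedded before/after policies.
        print("vulnerable:", unscoped_send_rules(VULNERABLE_POLICY))  # 3 rules
        print("fixed:     ", unscoped_send_rules(FIXED_POLICY))       # []
```

This is a static lint, not an evaluation of dbus-daemon's effective policy: rules are applied in file order and a later deny can override an earlier allow, so a clean result only means this particular over-broad shape is absent. Run it over the files in /usr/share/dbus-1/system.d and /etc/dbus-1/system.d to find other services shipping the same mistake.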
View/Reply Online (#105066): https://lists.openembedded.org/g/openembedded-devel/message/105066