-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Title: FreeBSD 10.x ZFS encryption.key disclosure (CVE-2015-1415)
Advisory URL: https://pierrekim.github.io/advisories/CVE-2015-1415.txt.asc
Date published: 2015-04-07
Vendors contacted: FreeBSD
Release mode: Coordinated release
FreeBSD is a UNIX-like operating system.
FreeBSD 10.x installer supports the installation of FreeBSD 10.x on an
encrypted ZFS filesystem by default.
When using the encryption system within ZFS during the installation of
FreeBSD 10.0 and FreeBSD 10.1, the encryption.key has wrong permissions
which allow local users to read this file.
Even if the keyfile is passphrase-encrypted, it can present a risk.
By default, the encryption key file is /boot/encryption.key.
Instead of being 0600, the permissions are 0644:
$ ls -la /boot/encryption.key
This file is readable by a local user.
According to the vendor, a security advisory will be published, describing
the problem and the solution. It concerns:
- stable/10, 10.1-STABLE
- releng/10.1, 10.1-RELEASE-p8
- releng/10.0, 10.0-RELEASE-p18
This vulnerability was found by Pierre Kim (@PierreKimSec).
https://www.freebsd.org/doc/handbook/bsdinstall-partitioning.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1415
https://www.freebsd.org/security/advisories/FreeBSD-SA-15:08.bsdinstall.asc
This advisory is licensed under a Creative Commons Attribution Non-Commercial
Share-Alike 3.0 License: http://creativecommons.org/licenses/by-nc-sa/3.0/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJVJF22AAoJEMQ+Dtp9ky28NDgP/iW9YALiZKLPVhnShFEhFO4C
SvSza1s7LJkhtOH8qOGplzTrn8wSV5BNhwzMaIaKpksP5RjoCkynxvAw/OncazPl
tsfHM89m7bQ4puyXF3eb6lMkfaIkxoDAXM5R5DFb2Q+3wg4SDygdM7+BQEdqCXDV
2B+ZNGae2CcsqLq04zjskFgY2bwqNMyX3GbbmUJvVI5IXQIS30e1lVIq8zxcK7u0
lKFlVyp+gdyusenPz0lCqR82Pe1IA3tHuNn2zw3/EudT4VhD789/t/0lEWlSyNg7
uiTCqFpQXnpEnvXEez1gZiDuNccIMXXYv0agB+/mYkkoviQPk5jqCwI5rvs+ppFU
IH0gAafqS/UIl5+/dhDdIVDA4+r4WWLUxJfFkDy4ThCQHZtZMCsBYk3/RNJBPDUW
JiVZWV8LSSHtYfWj7YoiCswuC9FLp6CT9e+/XQUJjpNrwfpeT5KlFOCFUKQXwV6W
5nUJnQhjVfrXVjeRuOvMCInSwG8DWbfyX75QMmJNyV7aPMrS2prRXbOlTLuQUyzP
cJkmToeO4XE4COV+jvtC+c39Booy3r8yp3lfHmz1NXffiv6Ua+11vLamUeYOVPew
r4TmionPpSeAx3ODhKEKGjW+HIkl9sx3WcSnEBl88Aqd3Zv77G3ok4usFz4PvPnb
/hnH/lhpePtv13jyZpXc
=pOPH
-----END PGP SIGNATURE-----