Unprivileged user can control services

Bug #1864201 reported by Adam Collard on 2020-02-21
Affects    Status    Importance    Assigned to       Milestone
MAAS                 Critical      Alberto Donato
2.7                  Critical      Alberto Donato

Bug Description

With a snap-installed MAAS, supervisor is used to manage the service lifecycle of the various services that compose MAAS (regiond, rackd, dhcpd, etc.).

In 2.7.0 and master, supervisord is configured with a very guessable hard-coded username and password (which matches the username), listening on TCP 127.0.0.1:9001.

Thus, any unprivileged user on the machine who can talk HTTP to the loopback interface can DoS MAAS (start, stop, restart services).

Example here, without using sudo/root: https://pastebin.canonical.com/p/5D37z2WSkT/
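As an added illustration (not from the report or the MAAS project), the following Python check audits a supervisord configuration for the weakness described above: an inet_http_server control port with missing credentials or a password equal to the username. Both sample configurations are constructed; the hardened one shows generic supervisord hardening, not necessarily the fix MAAS shipped.

```python
import configparser

# Constructed sample resembling the weak configuration the report describes:
# an HTTP control socket on loopback guarded by a password that equals the username.
WEAK_CONF = """
[inet_http_server]
port = 127.0.0.1:9001
username = maas
password = maas
"""

# Constructed hardened sample: a UNIX socket restricted by file permissions instead
# of a TCP port (generic supervisord hardening, not necessarily what the MAAS fix did).
HARDENED_CONF = """
[unix_http_server]
file = /var/run/supervisor.sock
chmod = 0700
chown = root:root
"""

def audit_supervisord_conf(text):
    """Return a list of findings about the [inet_http_server] section of a supervisord.conf."""
    # supervisord uses %(here)s-style expansion, so disable configparser interpolation
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    findings = []
    if not cp.has_section("inet_http_server"):
        return findings  # no TCP control interface, nothing to flag here
    sec = cp["inet_http_server"]
    port = sec.get("port", "").strip()
    user = sec.get("username", "").strip()
    password = sec.get("password", "").strip()
    findings.append(f"inet_http_server enabled on {port or '(unspecified)'}: "
                    "any local process that can reach it may start/stop services")
    # Bind address is everything before the last colon ("127.0.0.1:9001" -> "127.0.0.1")
    host = port.rsplit(":", 1)[0] if ":" in port else port
    if host in ("", "*", "0.0.0.0", "::"):
        findings.append("control port is not restricted to loopback")
    if not user or not password:
        findings.append("no username/password set on the control port")
    elif password == user:
        findings.append("password equals username (guessable hard-coded credential)")
    return findings
```

Running the check against a real /var/lib/supervisor or snap-local supervisord.conf turns the report's observation into a repeatable configuration test.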

Alberto Donato (ack) on 2020-02-21
Changed in maas:
assignee: nobody → Alberto Donato (ack)
Alberto Donato (ack) on 2020-02-21
Changed in maas:
status: New → In Progress
Changed in maas:
milestone: none → next
status: In Progress → Fix Committed
Alberto Donato (ack) on 2020-02-21
Changed in maas:
milestone: next → 2.8.0b1
information type: Private Security → Public
information type: Public → Public Security
Alberto Donato (ack) on 2020-04-17
Changed in maas:
status: Fix Committed → Fix Released
This report contains Public Security information.
Everyone can see this security related information.