This issue affects only installations where two or more unprivileged installations are made on the same host. This issue only affects installations where the host has more than one unprivileged installation. This issue was fixed in version 6.3.0. A new feature was added to the Keylime agent for allowing access to previously mounted disks. This feature is enabled by default and can be disabled by setting the following option in the kemper.yml file: disable_disk_access: false It is strongly recommended to leave this feature enabled as it will allow a data centre administrator to audit the disk usage of the infra-red printer. An unprivileged user can create a temporary mount point on the host and then access the disk from any other unprivileged process on the host. This allows a data centre administrator to audit the disk usage of the infra-red printer. An unprivileged user can create a temporary mount point on the host and then access the disk from any other unprivileged process on the host.

Assumptions

- The policy for mounting disks is already set to allow unprivileged access.
- there are only two installations on the host
- the host has more than one installation unprivileged

Example:

What is the vulnerability
An unprivileged user can create a temporary mount point on the host and then access the disk from any other unprivileged process on the host. For example, an unprivileged user may create a temporary mount point for an external USB disk and then access that disk from within a privileged process (such as Keylime's own agent or a privileged docker or docker-compose container) on the host.

CVE-2021-6121

This issue affects only installations where two or more unprivileged installations are made on the same host. This issue only affects installations where the host has more than one unprivileged installation. The Keylime agent allows an unprivileged user to change the password for a keystore key with the following commands:
- kemper agent

Supported Versions

This issue was fixed in version 6.3.0.

Timeline

Published on: 09/21/2022 19:15:00 UTC
Last modified on: 09/22/2022 16:23:00 UTC

References