Unrated severity · NVD Advisory · Published Aug 22, 2018 · Updated Aug 5, 2024

CVE-2017-2627

Description

A permissive sudoers file in openstack-tripleo-common allows directory traversal and passwordless root access on Red Hat OpenStack Platform 10 and 11.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

The sudoers file installed with the openstack-tripleo-common package in Red Hat OpenStack Platform (OSP) versions 10 and 11 is overly permissive [1]. It contains lines for the mistral user that use wildcards enabling directory traversal via ".." sequences, and it grants full passwordless root access to the validations user [1].

Exploitation

An attacker who gains access as the mistral user can exploit the directory traversal wildcards in the sudoers file to execute arbitrary commands as root with sudo. Alternatively, an attacker who obtains the validations account can simply run sudo to gain a root shell without providing a password [1].

Impact

Successful exploitation results in complete system compromise: an attacker gains full root privileges, allowing them to read, modify, or delete any data, install software, and pivot to other systems on the network.

Mitigation

Red Hat released updated openstack-tripleo-common packages for OSP 10 and 11 that restrict the sudoers entries. Users should update to the latest available version. No workaround is available; the issue is fixed only via the package update [1].
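
To confirm that an installed sudoers file no longer carries either pattern described above, the following audit flags root-capable entries with wildcards in command arguments (where sudoers wildcards also match "/" and "..") and passwordless ALL grants. It is an added example, not code from Red Hat or the tripleo project; the sample entries, users and paths are constructed and are not the package's actual lines.

```python
import re

# Constructed sample input. These are NOT the entries shipped in
# openstack-tripleo-common; users and paths are hypothetical.
SAMPLE_SUDOERS = """\
Defaults:svc_a !requiretty
svc_a ALL = (root) NOPASSWD: /usr/bin/chmod 0644 /opt/app/data/*, \\
    /usr/bin/systemctl restart app.service
svc_b ALL = (ALL) NOPASSWD: ALL
%admins ALL = (ALL) ALL
"""

SPEC = re.compile(r"^(\S+)\s+\S+\s*=\s*(?:\(([^)]*)\)\s*)?(.+)$")
SKIP = re.compile(r"^(#|Defaults|(User|Runas|Host|Cmnd)_Alias\b)")

def audit_sudoers(text):
    """Return (user, issue, command) tuples for risky root-capable entries."""
    findings = []
    for line in text.replace("\\\n", " ").splitlines():  # join continuations
        line = line.strip()
        m = None if not line or SKIP.match(line) else SPEC.match(line)
        if not m:
            continue
        user, runas, cmnds = m.group(1), m.group(2) or "root", m.group(3)
        if not re.search(r"\b(root|ALL)\b", runas):
            continue
        nopasswd = False  # tags carry over to later commands in the list
        for cmnd in re.split(r"(?<!\\),", cmnds):
            cmnd = cmnd.strip()
            tags = re.match(r"(?:[A-Z_]+:\s*)*", cmnd).group(0)
            for tag in re.findall(r"([A-Z_]+):", tags):
                nopasswd = {"NOPASSWD": True, "PASSWD": False}.get(tag, nopasswd)
            body = cmnd[len(tags):].strip()
            parts = body.split(None, 1)
            args = parts[1] if len(parts) > 1 else ""
            if body == "ALL" and nopasswd:
                findings.append((user, "passwordless-all", body))
            elif re.search(r"(?<!\\)[*?\[]", args):
                # In arguments, sudoers wildcards also match "/" and "..".
                findings.append((user, "wildcard-args", body))
    return findings

if __name__ == "__main__":
    for finding in audit_sudoers(SAMPLE_SUDOERS):
        print(finding)
```

The parser covers plain user specifications only; entries that reference Cmnd_Alias names or included files need those expanded first, for example by auditing the output of sudo -l -U for each service account.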

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3

References

1