* [Bug 16901] New: Security problem in the FTP URL for obtaining QLogic Fibre Channel HBA firmware
From: bugzilla-daemon @ 2010-08-24 13:31 UTC (permalink / raw)
  To: linux-scsi

https://bugzilla.kernel.org/show_bug.cgi?id=16901

           Summary: Security problem in the FTP URL for obtaining QLogic
                    Fibre Channel HBA firmware
           Product: SCSI Drivers
           Version: 2.5
    Kernel Version: 2.6.35.3
          Platform: All
        OS/Version: Linux
              Tree: Mainline
            Status: NEW
          Severity: high
          Priority: P1
         Component: QLOGIC QLA2XXX
        AssignedTo: scsi_drivers-qla2xxx@kernel-bugs.osdl.org
        ReportedBy: plamen@tonev.net
        Regression: No


Created an attachment (id=27801)
 --> (https://bugzilla.kernel.org/attachment.cgi?id=27801)
Proof that firmware files can be replaced with malicious ones

The qla2xxx driver in the latest stable 2.6.35.3 prints a dangerous URL
(ftp.qlogic.com) for obtaining new firmware for their adapters.

From: linux-2.6.35.3/drivers/scsi/qla2xxx/qla_init.c
---- quote -----
#define QLA_FW_URL "ftp://ftp.qlogic.com/outgoing/linux/firmware/"

int
qla2x00_load_risc(scsi_qla_host_t *vha, uint32_t *srisc_addr)
{
        int     rval;
        int     i, fragment;
        uint16_t *wcode, *fwcode;
        uint32_t risc_addr, risc_size, fwclen, wlen, *seg;
        struct fw_blob *blob;
        struct qla_hw_data *ha = vha->hw;
        struct req_que *req = ha->req_q_map[0];

        /* Load firmware blob. */
        blob = qla2x00_request_firmware(vha);
        if (!blob) {
                qla_printk(KERN_ERR, ha, "Firmware image unavailable.\n");
                qla_printk(KERN_ERR, ha, "Firmware images can be retrieved "
                    "from: " QLA_FW_URL ".\n");
                return QLA_FUNCTION_FAILED;
        }

---- end quote -----

  It is dangerous to give the users this URL for obtaining new firmware images,
because this QLogic FTP site isn't secure at all and anyone can anonymously
exchange the original firmware .bin files with their own files.
The outgoing/linux/firmware folder is read-only, so files cannot be replaced
or new ones created. The folder itself cannot be renamed either, but anyone can
rename the linux folder to linux2, for example, then create a new linux folder with
a firmware folder inside and put their own files in place of the 'official' ones from
QLogic.
  It can be done easily; see the attached screenshot for proof.
Until better security is implemented on this FTP site (or a better place for storing
firmware releases is found), I recommend printing a warning to all users of this
driver about the security problems with the QLogic FTP site.

-- 
Configure bugmail: https://bugzilla.kernel.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.


* [Bug 16901] Security problem in the FTP URL for obtaining QLogic Fibre Channel HBA firmware
From: bugzilla-daemon @ 2010-08-24 16:21 UTC (permalink / raw)
  To: linux-scsi

https://bugzilla.kernel.org/show_bug.cgi?id=16901


Andrew Vasquez <andrew.vasquez@qlogic.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |andrew.vasquez@qlogic.com




--- Comment #1 from Andrew Vasquez <andrew.vasquez@qlogic.com>  2010-08-24 16:20:56 ---
Thank you for bringing this to our attention.  We've notified the IT group to
have these permission problems with the files and directories addressed.


* [Bug 16901] Security problem in the FTP URL for obtaining QLogic Fibre Channel HBA firmware
From: bugzilla-daemon @ 2012-05-12 16:12 UTC (permalink / raw)
  To: linux-scsi

https://bugzilla.kernel.org/show_bug.cgi?id=16901


Alan <alan@lxorguk.ukuu.org.uk> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |alan@lxorguk.ukuu.org.uk
         Resolution|                            |OBSOLETE





* [Bug 16901] Security problem in the FTP URL for obtaining QLogic Fibre Channel HBA firmware
From: bugzilla-daemon @ 2012-05-12 16:13 UTC (permalink / raw)
  To: linux-scsi

https://bugzilla.kernel.org/show_bug.cgi?id=16901


Alan <alan@lxorguk.ukuu.org.uk> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED



