Security vulnerabilities in teradata virtual machine community edition


Security vulnerabilities in teradata virtual machine community edition

Hi,

I've been evaluating the Teradata virtual machine and had some security concerns.  I downloaded the appliance from here:

http://downloads.teradata.com/download/database/teradata-virtual-machine-community-edition-for-vmwar...


I noticed world-writable permissions on the /etc/luminex directory and on its pkgmgr binary (packages.db is world-writable too). A local user could overwrite this binary to execute commands as root when it's executed by the various scripts I've listed below. Because the directory itself is world-writable, fixing the mode of the file alone would not be enough, since the file could still be replaced.  I also noticed my system was installed with a default root password of 'root', and ssh allows root logins using passwords.  There is also use of /tmp for manipulating files in an insecure manner.  I go into a bit more detail below.  Is there a security contact I can work with rather than via the forums? I don't have a tay login.

Thanks!

 

TVME:/opt/luminex/LicenseMgr/current/bin # ls -ld /etc/luminex/
drwxrwxrwx 2 root root 4096 Mar 3 2016 /etc/luminex/
TVME:/opt/luminex/LicenseMgr/current/bin # ls -l /etc/luminex/
total 128
-rwxrwxrwx 1 root root 24576 Mar 3 2016 packages.db
-rwxrwxrwx 1 root root 102357 Mar 3 2016 pkgmgr
TVME:/opt/luminex/LicenseMgr/current/bin #


/opt/luminex/LicenseMgr/2.1.0.2/configure
/opt/luminex/LicenseMgr/2.1.0.2/INSTALL.SH
/opt/luminex/LicenseMgr/2.1.0.2/bin/start.sh
/opt/luminex/LicenseMgr/2.1.0.2/bin/addlicense
/opt/luminex/LicenseMgr/2.1.0.2/etc/init.d/LicenseMgr.server
/opt/luminex/Libraries/2.2.0.9c/configure
/opt/luminex/Libraries/2.2.0.9c/INSTALL.SH
/opt/luminex/Libraries/2.2.0.9c/bin/pkgmgr_64
/opt/luminex/Libraries/2.2.0.9c/bin/pkgmgr
/opt/luminex/luminex-ucd-tdi/1.0.0.13/Libraries_2.2.0.9c.sh
/opt/luminex/luminex-ucd-tdi/1.0.0.13/pkgmgr
/opt/luminex/luminex-ucd-tdi/1.0.0.13/luc_2.0.7.6.sh
/opt/luminex/luminex-ucd-tdi/1.0.0.13/LicenseMgr_2.1.0.2.sh
/opt/luminex/luminex-ucd-tdi/1.0.0.13/luc_2.0.7.6b.sh
/opt/luminex/luminex-ucd-tdi/1.0.0.13/MicrocodeMgr_1.0.0.11.sh
/opt/luminex/luminex-ucd-tdi/1.0.0.13/TraceMgr_2.2.7.0.sh
/opt/luminex/TraceMgr/2.2.7.0/configure
/opt/luminex/TraceMgr/2.2.7.0/INSTALL.SH
/opt/luminex/TraceMgr/2.2.7.0/bin/start.sh
/opt/luminex/TraceMgr/2.2.7.0/bin/stop.sh
/opt/luminex/TraceMgr/2.2.7.0/bin/cfgtool
/opt/luminex/TraceMgr/2.2.7.0/bin/tmsum.sh
/opt/luminex/TraceMgr/2.2.7.0/bin/tmreport
/opt/luminex/TraceMgr/2.2.7.0/etc/init.d/TraceMgr.server
/opt/luminex/MicrocodeMgr/1.0.0.11/INSTALL.SH
/opt/luminex/MicrocodeMgr/1.0.0.11/bin/start.sh
/opt/luminex/MicrocodeMgr/1.0.0.11/etc/init.d/MicrocodeMgr.server
/opt/luminex/luc/2.0.7.6b/configure
/opt/luminex/luc/2.0.7.6b/INSTALL.SH
/opt/luminex/luc/2.0.7.6b/bin/start.sh
/opt/luminex/luc/2.0.7.6b/bin/stop.sh
/opt/luminex/luc/2.0.7.6b/etc/init.d/luc.server

Checking /opt/luminex/LicenseMgr/2.1.0.2/configure
11-export PATH
12-
13-DEVDIR=/dev
14-PATH_TO_INST=/etc/path_to_inst
15-
16:#check for pkgmgr installed
17:if [ ! -f /etc/luminex/pkgmgr ]; then
18: echo "pkgmgr not installed, exiting"
19- exit 1
20-fi
21-
22-
23-get_yn () {
--
491-
492-uninstall_previous_version () {
493-
494- #check for previous version, and get the license path
495-
496: # we have to remove what the installer put into pkgmgr, which should
497- # be this version we are installing. that way we can find previous
498- # versions
499: /etc/luminex/pkgmgr remove LicenseMgr/$VERSION
500-
501-# 02/09/12: bnh
502-# if the current version is already installed, and if there are licenses
503-# then we dont want to copy old licenses into the current directory
504-# VPATH has path to this version of licensemgr and we want to see if there
505-# are any licenses installed
506- LICENSEFILES=`ls $VPATH/etc/licenses | wc -l`
507- if [ $LICENSEFILES = 0 ]; then
508- # we have to look for 2.* to see if there is a 2.0 version
509: # because pkgmgr had a bug which happens if 1.8.0.15 was installed
510: OLDPATH=`/etc/luminex/pkgmgr get LicenseMgr/2.*`
511-
512-
513- #echo "path1 is $OLDPATH"
514- if [ x$OLDPATH = x ]; then
515-
516- #no previous 2.x version, check for ANY previous
517: OLDPATH=`/etc/luminex/pkgmgr get LicenseMgr/*`
518- #echo "path2 is $OLDPATH"
519- if [ x$OLDPATH = x ]; then
520: echo "no previous version installed via pkgmgr"
521-
522: #check for previous versions installed WITHOUT pkgmgr
523- if [ -d /opt/luminex/LicenseMgr/1.8.0.15 ]; then
524- OLDPATH="/opt/luminex/LicenseMgr/1.8.0.15"
525- elif [ -d /opt/luminex/LicenseMgr/1.8.0.7 ]; then
526- OLDPATH="/opt/luminex/LicenseMgr/1.8.0.7"
527- fi
528- fi
529- fi
530- fi
531-
532- # put back in our version
533: /etc/luminex/pkgmgr add LicenseMgr/$VERSION $VPATH
534-
535- # if we found a prior version (even the one we are installing), uninstall it
536- uninstall_driver
537-
538- return 0
--
580-get_platform_os
581-
582-#COMMAND=$2
583-#VERSION=`basename "$COMMAND"`
584-#Current version of LM has already been installed by the install script
585:#at this point. pkgmgr should return the version we are installing
586:VPATH=`/etc/luminex/pkgmgr get LicenseMgr/2.*`
587-
588-while true
589-do
590- case $1 in
591- --install_only)
--
637-fi
638-exit $result
639-
640-
641-
642:#LMDIR=`/etc/luminex/pkgmgr get LicenseMgr/1.7.2.0`
643-
644-#ADDLICENSE=$LMDIR/bin/addLicense
645-#
646-#more=y
647-#
--
650-#$ADDLICENSE -w $LMDIR/etc add
651-#echo "Do you have more licenses to add [ y/n ]? \c"
652-#read more
653-#done
654-
655:#LMDIR=`/etc/luminex/pkgmgr get LicenseMgr/1.7.2.2`
656-
657-#ADDLICENSE=$LMDIR/bin/addLicense
658-
659-#more=y
660-
Checking /opt/luminex/LicenseMgr/2.1.0.2/INSTALL.SH
194-
195-if [ x$PKGDB = x ]; then
196- PKGDB=/etc/luminex/packages.db
197-fi
198-
199:OLD_PATH=`/etc/luminex/pkgmgr get $package/*`
200-NEW_PATH=$destination
201-
202-export OLD_PATH NEW_PATH
203-
204:echo "adding pkgmgr -C $PKGDB add $package/$version $destination"
205:/etc/luminex/pkgmgr -C $PKGDB add $package/$version $destination
206-result=$?
207-if [ $result -ne 0 ]; then
208- echo "WARNING: failed to add package $package to $PKGDB"
209-# exit 1
210-fi
Checking /opt/luminex/LicenseMgr/2.1.0.2/bin/start.sh
4-export PATH
5-
6-PRG_DIR=`dirname $0`
7-cd $PRG_DIR
8-
9:if [ -f /etc/luminex/pkgmgr ]; then
10: DIR=`/etc/luminex/pkgmgr get LicenseMgr/2.*`
11-fi
12-if [ "$DIR" = "" ]; then
13- DIR=/opt/luminex/LicenseMgr/2.1.0.0
14-fi
15-#else
Checking /opt/luminex/LicenseMgr/2.1.0.2/bin/addlicense
16-
17- return 0
18-}
19-
20-
21:if [ -f /etc/luminex/pkgmgr ]; then
22: DIR=`/etc/luminex/pkgmgr get LicenseMgr/*`
23- if [ $? -ne 0 ]; then
24- echo "Could not find LicenseMgr, aborting."
25- fi
26-fi
27-
Checking /opt/luminex/LicenseMgr/2.1.0.2/etc/init.d/LicenseMgr.server
2-
3-PACKAGENAME=LicenseMgr
4-VERSION=2.1.0.2
5-SERVICENAME=llm
6-
7:configPath=`/etc/luminex/pkgmgr -C /etc/luminex/packages.db get $PACKAGENAME/$VERSION`
8-if [ $? -ne 0 ]; then
9- echo "Failed to lookup package $PACKAGENAME $VERSION in /etc/luminex/packages.dbf, abort"
10- exit
11-fi
12-if [ x"$configPath" = x ]; then
Checking /opt/luminex/Libraries/2.2.0.9c/configure
11-export PATH
12-
13-DEVDIR=/dev
14-PATH_TO_INST=/etc/path_to_inst
15-
16:#check for pkgmgr installed
17:if [ ! -f /etc/luminex/pkgmgr ]; then
18: echo "pkgmgr not installed, exiting"
19- exit 1
20-fi
21-
22-
23-get_yn () {
--
191-get_platform_os
192-
193-#COMMAND=$2
194-#VERSION=`basename "$COMMAND"`
195-#Current version of LM has already been installed by the install script
196:#at this point. pkgmgr should return the version we are installing
197:VPATH=`/etc/luminex/pkgmgr get Libraries/2.*`
198-
199-while true
200-do
201- case $1 in
202- --install_only)
Checking /opt/luminex/Libraries/2.2.0.9c/INSTALL.SH
194-
195-if [ x$PKGDB = x ]; then
196- PKGDB=/etc/luminex/packages.db
197-fi
198-
199:OLD_PATH=`/etc/luminex/pkgmgr get $package/*`
200-NEW_PATH=$destination
201-
202-export OLD_PATH NEW_PATH
203-
204:echo "adding pkgmgr -C $PKGDB add $package/$version $destination"
205:/etc/luminex/pkgmgr -C $PKGDB add $package/$version $destination
206-result=$?
207-if [ $result -ne 0 ]; then
208- echo "WARNING: failed to add package $package to $PKGDB"
209-# exit 1
210-fi
Checking /opt/luminex/TraceMgr/2.2.7.0/configure
289- return 0
290-}
291-
292-uninstall_driver () {
293- if [ x$OLD_PATH != x$NEW_PATH ] ; then
294: /etc/luminex/pkgmgr remove TraceMgr/$VERSION
295- /etc/init.d/TraceMgr.server stop
296: /etc/luminex/pkgmgr add TraceMgr/$VERSION $NEW_PATH
297- else
298- /etc/init.d/TraceMgr.server stop
299- fi
300-
301-if [ x$install_only != xtrue ]; then
Checking /opt/luminex/TraceMgr/2.2.7.0/INSTALL.SH
194-
195-if [ x$PKGDB = x ]; then
196- PKGDB=/etc/luminex/packages.db
197-fi
198-
199:OLD_PATH=`/etc/luminex/pkgmgr get $package/*`
200-NEW_PATH=$destination
201-
202-export OLD_PATH NEW_PATH
203-
204:echo "adding pkgmgr -C $PKGDB add $package/$version $destination"
205:/etc/luminex/pkgmgr -C $PKGDB add $package/$version $destination
206-result=$?
207-if [ $result -ne 0 ]; then
208- echo "WARNING: failed to add package $package to $PKGDB"
209-# exit 1
210-fi
Checking /opt/luminex/TraceMgr/2.2.7.0/bin/start.sh
1-#!/bin/bash
2-
3-
4-ulimit -c unlimited
5-
6:if [ -f /etc/luminex/pkgmgr ]; then
7: DIR=`/etc/luminex/pkgmgr get TraceMgr/*`
8-else
9: echo "pkgmgr not installed"
10- exit 1
11-fi
12-
13-# move into pkg directory
14-cd $DIR
Checking /opt/luminex/TraceMgr/2.2.7.0/bin/stop.sh
1-#!/bin/sh
2-
3:if [ -f /etc/luminex/pkgmgr ]; then
4: DIR=`/etc/luminex/pkgmgr get TraceMgr/*`
5-else
6: echo "pkgmgr not installed"
7- exit 1
8-fi
9-
10-
11-#
Checking /opt/luminex/TraceMgr/2.2.7.0/bin/cfgtool
1-#!/bin/bash
2-
3-## generic cfgtool editor (typically called by wrapper scripts)
4-
5:if [ -f /etc/luminex/pkgmgr ]; then
6: DIR=`/etc/luminex/pkgmgr get TraceMgr/*`
7- if [ $? -ne 0 ]; then
8- echo >&2 "Trace Manager pkg not installed, using current directory"
9- DIR="."
10- fi
11-else
12: echo >&2 "pkgmgr not installed, using current directory"
13- DIR="."
14-fi
15-
16-# move into pkg directory
17-cd $DIR
Checking /opt/luminex/TraceMgr/2.2.7.0/bin/tmsum.sh
39-#******************************************************************************
40-#
41-# gettmdir: get the installation directory for Trace Manager from the
42-# package manager.
43-#
44:# Requires that pkgmgr is installed in /etc/luminex
45-gettmdir ()
46-{
47: if [ -f /etc/luminex/pkgmgr ]; then
48: TMDIR=`/etc/luminex/pkgmgr get TraceMgr/*`
49- else
50: echo >&2 "pkgmgr not installed"
51- return 1
52- fi
53-
54- return 0
55-}
Checking /opt/luminex/TraceMgr/2.2.7.0/bin/tmreport
12-
13-TMDIR="."
14-
15-#******************************************************************************
16-gettmdir() {
17: if [ -f /etc/luminex/pkgmgr ] ; then
18: TMDIR=`/etc/luminex/pkgmgr get TraceMgr/*`
19- else
20: echo >&2 "pkgmgr not installed"
21- return 1
22- fi
23-
24- return 0
25-}
Checking /opt/luminex/TraceMgr/2.2.7.0/etc/init.d/TraceMgr.server
2-
3-PACKAGENAME=TraceMgr
4-VERSION=2.2.7.0
5-SERVICENAME=tmdrv
6-
7:configPath=`/etc/luminex/pkgmgr -C /etc/luminex/packages.db get $PACKAGENAME/$VERSION`
8-if [ $? -ne 0 ]; then
9- echo "Failed to lookup package $PACKAGENAME $VERSION in /etc/luminex/packages.dbf, abort"
10- exit
11-fi
12-if [ x"$configPath" = x ]; then
Checking /opt/luminex/MicrocodeMgr/1.0.0.11/INSTALL.SH
194-
195-if [ x$PKGDB = x ]; then
196- PKGDB=/etc/luminex/packages.db
197-fi
198-
199:OLD_PATH=`/etc/luminex/pkgmgr get $package/*`
200-NEW_PATH=$destination
201-
202-export OLD_PATH NEW_PATH
203-
204:echo "adding pkgmgr -C $PKGDB add $package/$version $destination"
205:/etc/luminex/pkgmgr -C $PKGDB add $package/$version $destination
206-result=$?
207-if [ $result -ne 0 ]; then
208- echo "WARNING: failed to add package $package to $PKGDB"
209-# exit 1
210-fi
Checking /opt/luminex/MicrocodeMgr/1.0.0.11/bin/start.sh
4-export PATH
5-
6-PRG_DIR=`dirname $0`
7-cd $PRG_DIR
8-
9:if [ -f /etc/luminex/pkgmgr ]; then
10: DIR=`/etc/luminex/pkgmgr get MicrocodeMgr/1.*`
11-fi
12-if [ "$DIR" = "" ]; then
13- DIR=/opt/luminex/MicrocodeMgr/1.0.0.11
14-fi
15-#else
Checking /opt/luminex/MicrocodeMgr/1.0.0.11/etc/init.d/MicrocodeMgr.server
2-
3-PACKAGENAME=MicrocodeMgr
4-VERSION=1.0.0.11
5-SERVICENAME=lmm
6-
7:configPath=`/etc/luminex/pkgmgr -C /etc/luminex/packages.db get $PACKAGENAME/$VERSION`
8-if [ $? -ne 0 ]; then
9- echo "Failed to lookup package $PACKAGENAME $VERSION in /etc/luminex/packages.dbf, abort"
10- exit
11-fi
12-if [ x"$configPath" = x ]; then
Checking /opt/luminex/luc/2.0.7.6b/configure
385- echo "Unknown platform $PLATFORM"
386- return 1
387- fi
388-fi
389-
390:# installed OK, copy config files, and put version back into pkgmgr
391-
392- if [ x$OLD_PATH != x$NEW_PATH ]; then
393- CopyConfigFiles
394- if [ $? -ne 0 ]; then
395- echo "Failed to copy config files from $OLD_PATH to $NEW_PATH"
--
407- return 0
408-}
409-
410-uninstall_driver () {
411-
412:# the pkg installer automatically added this version to the pkgmgr
413-# we need to shutdown the previous version (if there was one) or this
414-# version if there wasnt
415-# the pkg installer exports OLD_PATH and NEW_PATH
416-
417-if [ x$install_only != xtrue ]; then
418- echo "Stopping control units..."
419- if [ x$OLD_PATH != x$NEW_PATH ] ; then
420:# we have to remove the version the pkgmgr installed so we can run the stop
421-# there is an expectation that the init.d scripts will not have changed
422-# so much that the new ones cant be used to stop the old one
423: /etc/luminex/pkgmgr remove luc/$VERSION
424:# now when stop is called and it looks up pkgmgr it will invoke the stop
425-# for the old
426- /etc/init.d/luc.server stop
427-# put the new version back in
428: /etc/luminex/pkgmgr add luc/$VERSION $NEW_PATH
429- else
430-# just stop the service
431- /etc/init.d/luc.server stop
432- fi
433-
--
699-
700-# If this is an upgrade and the TM configuration puts the performance
701-# files in a different location than /luminex/storage/logs then copy
702-# old performance files over to the correct log directory.
703-copy_perf_files () {
704: if [ -f /etc/luminex/pkgmgr ]; then
705: TMDIR=`/etc/luminex/pkgmgr get TraceMgr/*`
706- else
707- TMDIR=/opt/luminex/TraceMgr/current
708- fi
709-
710- if [ ! -d $TMDIR ] ; then
Checking /opt/luminex/luc/2.0.7.6b/INSTALL.SH
194-
195-if [ x$PKGDB = x ]; then
196- PKGDB=/etc/luminex/packages.db
197-fi
198-
199:OLD_PATH=`/etc/luminex/pkgmgr get $package/*`
200-NEW_PATH=$destination
201-
202-export OLD_PATH NEW_PATH
203-
204:echo "adding pkgmgr -C $PKGDB add $package/$version $destination"
205:/etc/luminex/pkgmgr -C $PKGDB add $package/$version $destination
206-result=$?
207-if [ $result -ne 0 ]; then
208- echo "WARNING: failed to add package $package to $PKGDB"
209-# exit 1
210-fi
Checking /opt/luminex/luc/2.0.7.6b/bin/start.sh
1-#!/bin/bash
2-
3-
4-ulimit -c unlimited
5-
6:if [ -f /etc/luminex/pkgmgr ]; then
7: DIR=`/etc/luminex/pkgmgr get luc/*`
8: TMDIR=`/etc/luminex/pkgmgr get TraceMgr/*`
9-else
10: echo "pkgmgr not installed"
11- exit 1
12-fi
13-
14-# move into pkg directory
15-cd $DIR
Checking /opt/luminex/luc/2.0.7.6b/bin/stop.sh
1-#!/bin/sh
2-
3:if [ -f /etc/luminex/pkgmgr ]; then
4: DIR=`/etc/luminex/pkgmgr get luc/*`
5-else
6: echo "pkgmgr not installed"
7- exit 1
8-fi
9-
10-
11-#
Checking /opt/luminex/luc/2.0.7.6b/etc/init.d/luc.server
2-
3-PACKAGENAME=luc
4-VERSION=2.0.7.6b
5-SERVICENAME=sampleCTC
6-
7:configPath=`/etc/luminex/pkgmgr -C /etc/luminex/packages.db get $PACKAGENAME/$VERSION`
8-if [ $? -ne 0 ]; then
9- echo "Failed to lookup package $PACKAGENAME $VERSION in /etc/luminex/packages.dbf, abort"
10- exit
11-fi
12-if [ x"$configPath" = x ]; then


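Default root password of ‘root’ and remote root logins allowed. The grep below shows that sshd_config has no AllowUsers/AllowGroups restriction; it does not show the PermitRootLogin or PasswordAuthentication settings, which are the ones that decide whether root can log in with a password.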

TVME:/opt/luminex/LicenseMgr/current/bin # grep Allow /etc/ssh/sshd_config
#AllowAgentForwarding yes
#AllowTcpForwarding yes
# AllowTcpForwarding no
TVME:/opt/luminex/LicenseMgr/current/bin #


Insecure use of /tmp:

 

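Just looking around, I see insecure use of /tmp: files are written under predictable names built from the process ID ($$), so a local user could symlink those names to system files and have critical data overwritten, making the system unusable (creating the files with mktemp instead would avoid the predictable names). The affected scripts and lines: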

 

/opt/teradata/linux-config/sbin/ednp.sh
TMP_PATH=/tmp/ednp.$$
/opt/teradata/linux-config/conf.d/5-bootmenu
}" /tmp/$$.menu.lst
}" /tmp/$$.menu.lst
}" /tmp/$$.menu.lst
cp $menulst /tmp/$$.menu.lst
}" /tmp/$$.menu.lst
/tmp/$$.menu.lst
default_entry_linum=`/bin/grep -n "^title" /tmp/$$.menu.lst | \
/tmp/$$.menu.lst | /bin/sed 's/title//'`
/tmp/$$.menu.lst`
/tmp/$$.menu.lst`
/tmp/$$.menu.lst`
lastline_of_menulst=`/bin/sed -n '$p' /tmp/$$.menu.lst`
echo "" >>/tmp/$$.menu.lst
"${default_initrd_params}" >>/tmp/$$.menu.lst
}" /tmp/$$.menu.lst
diff -q $menulst /tmp/$$.menu.lst > /dev/null 2>&1
if [ -s /tmp/$$.menu.lst ]; then
cp /tmp/$$.menu.lst $menulst