低危 Inadequate authorization of com.redhat.rhsm1 d-bus interface allows local users to modify configuration (CVE-2023-3899)

CVE编号

CVE-2023-3899

利用情况

暂无

补丁情况

官方补丁

披露时间

2023-08-23
漏洞描述
A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.
解决建议
修复至安全版本。
受影响软件情况
# 类型 厂商 产品 版本 影响面
1
运行在以下环境
应用 redhat enterprise_linux_update_services_for_sap_solutions 8.1 -
运行在以下环境
应用 redhat enterprise_linux_update_services_for_sap_solutions 8.2 -
运行在以下环境
应用 redhat enterprise_linux_update_services_for_sap_solutions 8.4 -
运行在以下环境
应用 redhat enterprise_linux_update_services_for_sap_solutions 8.6 -
运行在以下环境
应用 redhat enterprise_linux_update_services_for_sap_solutions 8.8 -
运行在以下环境
应用 redhat subscription-manager * Up to
(excluding)
1.28.39
运行在以下环境
应用 redhat subscription-manager * From
(including)
1.29.0
Up to
(excluding)
1.29.37
运行在以下环境
系统 alibaba_cloud_linux_2.1903 rhsm-gtk * Up to
(excluding)
1.24.52-2.1.al7
运行在以下环境
系统 alma_linux_8 python3-cloud-what * Up to
(excluding)
1.28.36-3.el8_8.alma.1
运行在以下环境
系统 alma_linux_9 python3-cloud-what * Up to
(excluding)
1.29.33.1-2.el9_2.alma.1
运行在以下环境
系统 anolis_os_7 rhsm-gtk * Up to
(excluding)
1.24.52-2
运行在以下环境
系统 centos_7 rhsm-gtk * Up to
(excluding)
1.24.52-2.el7_9
运行在以下环境
系统 fedoraproject fedora 37 -
运行在以下环境
系统 fedoraproject fedora 38 -
运行在以下环境
系统 fedora_37 python3-cloud-what * Up to
(excluding)
1.29.37-1.fc37
运行在以下环境
系统 fedora_38 python3-cloud-what * Up to
(excluding)
1.29.37-1.fc38
运行在以下环境
系统 redhat enterprise_linux 8.0 -
运行在以下环境
系统 redhat enterprise_linux 9.0 -
运行在以下环境
系统 redhat enterprise_linux_desktop 7.0 -
运行在以下环境
系统 redhat enterprise_linux_eus 8.6 -
运行在以下环境
系统 redhat enterprise_linux_eus 8.8 -
运行在以下环境
系统 redhat enterprise_linux_eus 9.0 -
运行在以下环境
系统 redhat enterprise_linux_eus 9.2 -
运行在以下环境
系统 redhat enterprise_linux_for_arm_64 8.0 -
运行在以下环境
系统 redhat enterprise_linux_for_arm_64 9.0 -
运行在以下环境
系统 redhat enterprise_linux_for_arm_64 9.2 -
运行在以下环境
系统 redhat enterprise_linux_for_arm_64_eus 8.6 -
运行在以下环境
系统 redhat enterprise_linux_for_arm_64_eus 8.8 -
运行在以下环境
系统 redhat enterprise_linux_for_arm_64_eus 9.0 -
运行在以下环境
系统 redhat enterprise_linux_for_arm_64_eus 9.2 -
运行在以下环境
系统 redhat enterprise_linux_for_ibm_z_systems 7.0 -
运行在以下环境
系统 redhat enterprise_linux_for_ibm_z_systems 8.0 -
运行在以下环境
系统 redhat enterprise_linux_for_ibm_z_systems 9.0 -
运行在以下环境
系统 redhat enterprise_linux_for_ibm_z_systems 9.2 -
运行在以下环境
系统 redhat enterprise_linux_for_ibm_z_systems_eus 8.6 -
运行在以下环境
系统 redhat enterprise_linux_for_ibm_z_systems_eus 8.8 -
运行在以下环境
系统 redhat enterprise_linux_for_ibm_z_systems_eus 9.0 -
运行在以下环境
系统 redhat enterprise_linux_for_ibm_z_systems_eus 9.2 -
运行在以下环境
系统 redhat enterprise_linux_for_power_big_endian 7.0 -
运行在以下环境
系统 redhat enterprise_linux_for_power_little_endian 7.0 -
运行在以下环境
系统 redhat enterprise_linux_for_power_little_endian 8.0 -
运行在以下环境
系统 redhat enterprise_linux_for_power_little_endian 9.0 -
运行在以下环境
系统 redhat enterprise_linux_for_power_little_endian_eus 8.8 -
运行在以下环境
系统 redhat enterprise_linux_for_power_little_endian_eus 9.0 -
运行在以下环境
系统 redhat enterprise_linux_for_power_little_endian_eus 9.2 -
运行在以下环境
系统 redhat enterprise_linux_for_scientific_computing 7.0 -
运行在以下环境
系统 redhat enterprise_linux_server 7.0 -
运行在以下环境
系统 redhat enterprise_linux_server_aus 8.2 -
运行在以下环境
系统 redhat enterprise_linux_server_aus 8.4 -
运行在以下环境
系统 redhat enterprise_linux_server_aus 8.6 -
运行在以下环境
系统 redhat enterprise_linux_server_aus 9.2 -
运行在以下环境
系统 redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.1 -
运行在以下环境
系统 redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.2 -
运行在以下环境
系统 redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.4 -
运行在以下环境
系统 redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.6 -
运行在以下环境
系统 redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.8 -
运行在以下环境
系统 redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 9.0 -
运行在以下环境
系统 redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 9.2 -
运行在以下环境
系统 redhat enterprise_linux_server_tus 8.2 -
运行在以下环境
系统 redhat enterprise_linux_server_tus 8.4 -
运行在以下环境
系统 redhat enterprise_linux_server_tus 8.6 -
运行在以下环境
系统 redhat enterprise_linux_server_tus 8.8 -
运行在以下环境
系统 redhat enterprise_linux_server_update_services_for_sap_solutions 9.0 -
运行在以下环境
系统 redhat enterprise_linux_server_update_services_for_sap_solutions 9.2 -
运行在以下环境
系统 redhat enterprise_linux_workstation 7.0 -
运行在以下环境
系统 redhat_7 rhsm-gtk * Up to
(excluding)
1.24.52-2.el7_9
运行在以下环境
系统 redhat_8 rhsm-gtk * Up to
(excluding)
1.28.36-3.el8_8
运行在以下环境
系统 redhat_9 python3-cloud-what * Up to
(excluding)
1.29.33.1-2.el9_2
运行在以下环境
系统 rocky_linux_8 rhsm-icons * Up to
(excluding)
1.28.36-3.el8_8.rocky.0.1
运行在以下环境
系统 rocky_linux_9 python3-cloud-what * Up to
(excluding)
1.29.33.1-2.el9_2.rocky.0.1
阿里云评分
2.8
  • 攻击路径
    本地
  • 攻击复杂度
    困难
  • 权限要求
    无需权限
  • 影响范围
    有限影响
  • EXP成熟度
    未验证
  • 补丁情况
    官方补丁
  • 数据保密性
    无影响
  • 数据完整性
    无影响
  • 服务器危害
    无影响
  • 全网数量
    N/A
CWE-ID 漏洞类型
CWE-863 授权机制不正确
阿里云安全产品覆盖情况