阿里云漏洞库

漏洞描述

A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.

解决建议

修复至安全版本。

参考链接
https://access.redhat.com/errata/RHSA-2023:4701
https://access.redhat.com/errata/RHSA-2023:4702
https://access.redhat.com/errata/RHSA-2023:4703
https://access.redhat.com/errata/RHSA-2023:4704
https://access.redhat.com/errata/RHSA-2023:4705
https://access.redhat.com/errata/RHSA-2023:4706
https://access.redhat.com/errata/RHSA-2023:4707
https://access.redhat.com/errata/RHSA-2023:4708
https://access.redhat.com/security/cve/CVE-2023-3899
https://bugzilla.redhat.com/show_bug.cgi?id=2225407
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedorapr...
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedorapr...

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	redhat	enterprise_linux_update_services_for_sap_solutions	8.1	-
	运行在以下环境
	应用	redhat	enterprise_linux_update_services_for_sap_solutions	8.2	-
	运行在以下环境
	应用	redhat	enterprise_linux_update_services_for_sap_solutions	8.4	-
	运行在以下环境
	应用	redhat	enterprise_linux_update_services_for_sap_solutions	8.6	-
	运行在以下环境
	应用	redhat	enterprise_linux_update_services_for_sap_solutions	8.8	-
	运行在以下环境
	应用	redhat	subscription-manager	*		Up to (excluding) 1.28.39
	运行在以下环境
	应用	redhat	subscription-manager	*	From (including) 1.29.0	Up to (excluding) 1.29.37
	运行在以下环境
	系统	alibaba_cloud_linux_2.1903	rhsm-gtk	*		Up to (excluding) 1.24.52-2.1.al7
	运行在以下环境
	系统	alma_linux_8	python3-cloud-what	*		Up to (excluding) 1.28.36-3.el8_8.alma.1
	运行在以下环境
	系统	alma_linux_9	python3-cloud-what	*		Up to (excluding) 1.29.33.1-2.el9_2.alma.1
	运行在以下环境
	系统	anolis_os_7	rhsm-gtk	*		Up to (excluding) 1.24.52-2
	运行在以下环境
	系统	centos_7	rhsm-gtk	*		Up to (excluding) 1.24.52-2.el7_9
	运行在以下环境
	系统	fedoraproject	fedora	37	-
	运行在以下环境
	系统	fedoraproject	fedora	38	-
	运行在以下环境
	系统	fedora_37	python3-cloud-what	*		Up to (excluding) 1.29.37-1.fc37
	运行在以下环境
	系统	fedora_38	python3-cloud-what	*		Up to (excluding) 1.29.37-1.fc38
	运行在以下环境
	系统	redhat	enterprise_linux	8.0	-
	运行在以下环境
	系统	redhat	enterprise_linux	9.0	-
	运行在以下环境
	系统	redhat	enterprise_linux_desktop	7.0	-
	运行在以下环境
	系统	redhat	enterprise_linux_eus	8.6	-
	运行在以下环境
	系统	redhat	enterprise_linux_eus	8.8	-
	运行在以下环境
	系统	redhat	enterprise_linux_eus	9.0	-
	运行在以下环境
	系统	redhat	enterprise_linux_eus	9.2	-
	运行在以下环境
	系统	redhat	enterprise_linux_for_arm_64	8.0	-
	运行在以下环境
	系统	redhat	enterprise_linux_for_arm_64	9.0	-
	运行在以下环境
	系统	redhat	enterprise_linux_for_arm_64	9.2	-
	运行在以下环境
	系统	redhat	enterprise_linux_for_arm_64_eus	8.6	-
	运行在以下环境
	系统	redhat	enterprise_linux_for_arm_64_eus	8.8	-
	运行在以下环境
	系统	redhat	enterprise_linux_for_arm_64_eus	9.0	-
	运行在以下环境
	系统	redhat	enterprise_linux_for_arm_64_eus	9.2	-
	运行在以下环境
	系统	redhat	enterprise_linux_for_ibm_z_systems	7.0	-
	运行在以下环境
系统	redhat	enterprise_linux_for_ibm_z_systems	8.0	-
运行在以下环境
系统	redhat	enterprise_linux_for_ibm_z_systems	9.0	-
运行在以下环境
系统	redhat	enterprise_linux_for_ibm_z_systems	9.2	-
运行在以下环境
系统	redhat	enterprise_linux_for_ibm_z_systems_eus	8.6	-
运行在以下环境
系统	redhat	enterprise_linux_for_ibm_z_systems_eus	8.8	-
运行在以下环境
系统	redhat	enterprise_linux_for_ibm_z_systems_eus	9.0	-
运行在以下环境
系统	redhat	enterprise_linux_for_ibm_z_systems_eus	9.2	-
运行在以下环境
系统	redhat	enterprise_linux_for_power_big_endian	7.0	-
运行在以下环境
系统	redhat	enterprise_linux_for_power_little_endian	7.0	-
运行在以下环境
系统	redhat	enterprise_linux_for_power_little_endian	8.0	-
运行在以下环境
系统	redhat	enterprise_linux_for_power_little_endian	9.0	-
运行在以下环境
系统	redhat	enterprise_linux_for_power_little_endian_eus	8.8	-
运行在以下环境
系统	redhat	enterprise_linux_for_power_little_endian_eus	9.0	-
运行在以下环境
系统	redhat	enterprise_linux_for_power_little_endian_eus	9.2	-
运行在以下环境
系统	redhat	enterprise_linux_for_scientific_computing	7.0	-
运行在以下环境
系统	redhat	enterprise_linux_server	7.0	-
运行在以下环境
系统	redhat	enterprise_linux_server_aus	8.2	-
运行在以下环境
系统	redhat	enterprise_linux_server_aus	8.4	-
运行在以下环境
系统	redhat	enterprise_linux_server_aus	8.6	-
运行在以下环境
系统	redhat	enterprise_linux_server_aus	9.2	-
运行在以下环境
系统	redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	8.1	-
运行在以下环境
系统	redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	8.2	-
运行在以下环境
系统	redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	8.4	-
运行在以下环境
系统	redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	8.6	-
运行在以下环境
系统	redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	8.8	-
运行在以下环境
系统	redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	9.0	-
运行在以下环境
系统	redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	9.2	-
运行在以下环境
系统	redhat	enterprise_linux_server_tus	8.2	-
运行在以下环境
系统	redhat	enterprise_linux_server_tus	8.4	-
运行在以下环境
系统	redhat	enterprise_linux_server_tus	8.6	-
运行在以下环境
系统	redhat	enterprise_linux_server_tus	8.8	-
运行在以下环境
系统	redhat	enterprise_linux_server_update_services_for_sap_solutions	9.0	-
运行在以下环境
系统	redhat	enterprise_linux_server_update_services_for_sap_solutions	9.2	-
运行在以下环境
系统	redhat	enterprise_linux_workstation	7.0	-
运行在以下环境
系统	redhat_7	rhsm-gtk	*		Up to (excluding) 1.24.52-2.el7_9
运行在以下环境
系统	redhat_8	rhsm-gtk	*		Up to (excluding) 1.28.36-3.el8_8
运行在以下环境
系统	redhat_9	python3-cloud-what	*		Up to (excluding) 1.29.33.1-2.el9_2
运行在以下环境
系统	rocky_linux_8	rhsm-icons	*		Up to (excluding) 1.28.36-3.el8_8.rocky.0.1
运行在以下环境
系统	rocky_linux_9	python3-cloud-what	*		Up to (excluding) 1.29.33.1-2.el9_2.rocky.0.1

攻击路径

本地
攻击复杂度

困难
权限要求

无需权限
影响范围

有限影响
EXP成熟度

未验证
补丁情况

官方补丁
数据保密性

无影响
数据完整性

无影响
服务器危害

无影响
全网数量

N/A

CWE-ID	漏洞类型
CWE-863	授权机制不正确

低危 Inadequate authorization of com.redhat.rhsm1 d-bus interface allows local users to modify configuration (CVE-2023-3899)

漏洞描述

解决建议

参考链接

受影响软件情况