rmt-server-pubcloud allows to escalate from user _rmt to root
CVE-2022-31254

7.8 HIGH

Summary

An Incorrect Default Permissions vulnerability has been identified in the rmt-server-regsharing service of multiple SUSE products. The flaw lets a local attacker with access to the _rmt user escalate privileges to root, potentially compromising the system's integrity. Affected products include SUSE Linux Enterprise Server for SAP 15 and its SP1 edition, SUSE Manager Server 4.1, and openSUSE Leap 15.3 and 15.4, in each case with rmt-server versions prior to 2.10. It is critical for organizations using these systems to apply the necessary updates to mitigate this security risk.

Affected Version(s)

openSUSE Leap 15.3 rmt-server < 2.10

openSUSE Leap 15.4 rmt-server < 2.10

SUSE Linux Enterprise Server for SAP 15 rmt-server < 2.10

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Johannes Segitz of SUSE.