saphanabootstrap-formula: Escalation to root for arbitrary users in hana/ha_cluster.sls
CVE-2022-45153

7 HIGH

Summary

The saphanabootstrap-formula component in specific SUSE Linux distributions allows local attackers to escalate privileges to root. The cause is an incorrect default permissions setting in the sudo configuration, which leaves it open to manipulation. Versions in SUSE Linux Enterprise Module for SAP Applications 15-SP1 and openSUSE Leap 15.4 are affected if they are prior to 0.13.1+git.1667812208.4db963e. Users should update to the latest version to mitigate this issue.

Affected Version(s)

openSUSE Leap 15.4 saphanabootstrap-formula < 0.13.1+git.1667812208.4db963e

SUSE Linux Enterprise Module for SAP Applications 15-SP1 saphanabootstrap-formula < 0.13.1+git.1667812208.4db963e

SUSE Linux Enterprise Server for SAP 12-SP5 saphanabootstrap-formula < 0.13.1+git.1667812208.4db963e

CVSS V3.1

Score: 7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Johannes Segitz of SUSE