Subscription-manager: inadequate authorization of com.redhat.rhsm1 d-bus interface allows local users to modify configuration
CVE-2023-3899

7.8 HIGH

Summary

A vulnerability exists in Subscription Manager that permits local privilege escalation due to insufficient authorization controls. The D-Bus interface com.redhat.RHSM1 grants access to numerous methods for all users, enabling a low-privileged local user to manipulate the registration state. In particular, the com.redhat.RHSM1.Config.SetAll() method allows unauthorized users to unregister the system or alter current entitlements. This can lead to setting arbitrary configurations in /etc/rhsm/rhsm.conf, which can be exploited for a local privilege escalation to gain unconfined root access.

Affected Version(s)

Red Hat Enterprise Linux 7 0:1.24.52-2.el7_9

Red Hat Enterprise Linux 8 0:1.28.36-3.el8_8

References

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability reserved

Collectors

NVD Database, Mitre Database

Credit

This issue was discovered by Thibault Guittet (Senior Product Security Engineer, Red Hat).