Insights-client: unsafe handling of temporary files and directories
CVE-2023-3972

7.8 HIGH

Summary

A local privilege escalation vulnerability exists in insights-client due to insecure file operations on temporary files and directories. If an unprivileged user creates a specific directory before root registers insights-client, that user can make the directory writable. Once the client is registered, an attacker can use this misconfiguration to place malicious scripts in the insights directory and have them executed as arbitrary code with root privileges. This effectively bypasses SELinux protections, because the insights processes can disable SELinux system-wide.
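The defensive pattern for this class of bug, as an added Python 3 example that is not insights-client code or the Red Hat fix: a privileged process creates its working directory itself, and refuses a pre-existing one unless it is a real directory, owned by the expected user, and not writable by group or others. The function names and the sandbox paths are assumptions made for illustration.

```python
import os
import stat
import tempfile


def check_dir(path, owner_uid):
    """Return the reasons `path` is unsafe for a privileged process to trust."""
    st = os.lstat(path)  # lstat: a symlink planted at `path` is not followed
    problems = []
    if not stat.S_ISDIR(st.st_mode):
        problems.append("not a real directory")
    if st.st_uid != owner_uid:
        problems.append("owned by uid %d, expected %d" % (st.st_uid, owner_uid))
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("group- or world-writable")
    return problems


def ensure_private_dir(path, owner_uid=0):
    """Create `path` as 0700, or refuse a pre-existing one that fails check_dir."""
    try:
        os.mkdir(path, 0o700)
    except FileExistsError:
        pass  # someone created it first: validate it instead of trusting it
    problems = check_dir(path, owner_uid)
    if problems:
        raise PermissionError("%s: %s" % (path, "; ".join(problems)))
    return path


if __name__ == "__main__":
    me = os.geteuid()
    base = tempfile.mkdtemp()  # constructed sandbox standing in for the real parent
    planted = os.path.join(base, "planted")
    os.mkdir(planted)
    os.chmod(planted, 0o777)  # the pre-created, writable directory from the summary
    try:
        ensure_private_dir(planted, owner_uid=me)
    except PermissionError as exc:
        print("refused:", exc)
    print("created:", ensure_private_dir(os.path.join(base, "fresh"), owner_uid=me))
```

The same ownership and mode requirements apply to every parent directory of the path, since a writable parent lets the directory be replaced after the check.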

Affected Version(s)

Red Hat Enterprise Linux 7 0:3.1.9-1.el7_9

Red Hat Enterprise Linux 8 0:3.2.2-1.el8_8

Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions 0:3.2.3-1.el8_1

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database, Mitre Database

Credit

This issue was discovered by Alasdair Kergon (Red Hat) and Pavel Odvody (Red Hat).