Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2023-3899

DescriptionA vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.

Source

Affected Packages and Issued Red Hat Security Errata

Search:

Platform	Package	State	Errata
Red Hat Enterprise Linux 7	subscription-managermoderate moderate This rating is given to flaws that may be more difficult to exploit but could still lead to some compromise of the confidentiality, integrity or availability of resources under certain circumstances. These are the types of vulnerabilities that could have had a Critical or Important impact but are less easily exploited based on a technical evaluation of the flaw, and/or affect unlikely configurations. CVSS v3: 6.1 See score details	Fixed	RHSA-2023:4701
Red Hat Enterprise Linux 8	subscription-manager	Fixed	RHSA-2023:4706
Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions	subscription-manager	Fixed	RHSA-2023:4702
Red Hat Enterprise Linux 8.2 Advanced Update Support	subscription-manager	Fixed	RHSA-2023:4703
Red Hat Enterprise Linux 8.2 Telecommunications Update Service	subscription-manager	Fixed	RHSA-2023:4703
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions	subscription-manager	Fixed	RHSA-2023:4703
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	subscription-manager	Fixed	RHSA-2023:4704
Red Hat Enterprise Linux 8.4 Telecommunications Update Service	subscription-manager	Fixed	RHSA-2023:4704
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions	subscription-manager	Fixed	RHSA-2023:4704
Red Hat Enterprise Linux 8.6 Extended Update Support	subscription-manager	Fixed	RHSA-2023:4705

Show entries

First Previous1 2Next Last

Showing 1 to 10 of 13 entries

Unless explicitly stated as not affected, all previous versions of packages in any minor update stream of a product listed here should be assumed vulnerable, although may not have been subject to full analysis.

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

Affected Packages and Issued Red Hat Security Errata

moderate Impact

Vulmon Search

About

Products

Connect