低危 Inadequate authorization of com.redhat.rhsm1 d-bus interface allows local users to modify configuration (CVE-2023-3899)

CVE编号

CVE-2023-3899

利用情况

暂无

补丁情况

官方补丁

披露时间

2023-08-23

漏洞描述

A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.

解决建议

修复至安全版本。

参考链接
https://access.redhat.com/errata/RHSA-2023:4701
https://access.redhat.com/errata/RHSA-2023:4702
https://access.redhat.com/errata/RHSA-2023:4703
https://access.redhat.com/errata/RHSA-2023:4704
https://access.redhat.com/errata/RHSA-2023:4705
https://access.redhat.com/errata/RHSA-2023:4706
https://access.redhat.com/errata/RHSA-2023:4707
https://access.redhat.com/errata/RHSA-2023:4708
https://access.redhat.com/security/cve/CVE-2023-3899
https://bugzilla.redhat.com/show_bug.cgi?id=2225407
https://lists.fedoraproject.org/archives/list/[email protected]...
https://lists.fedoraproject.org/archives/list/[email protected]...

受影响软件情况

#	类型	厂商	产品	版本	影响面
1
	运行在以下环境
	应用	redhat	enterprise_linux_update_services_for_sap_solutions	8.1	-
	运行在以下环境
	应用	redhat	enterprise_linux_update_services_for_sap_solutions	8.2	-
	运行在以下环境
	应用	redhat	enterprise_linux_update_services_for_sap_solutions	8.4	-
	运行在以下环境
	应用	redhat	enterprise_linux_update_services_for_sap_solutions	8.6	-
	运行在以下环境
	应用	redhat	enterprise_linux_update_services_for_sap_solutions	8.8	-
	运行在以下环境
	应用	redhat	subscription-manager	*		Up to (excluding) 1.28.39
	运行在以下环境
	应用	redhat	subscription-manager	*	From (including) 1.29.0	Up to (excluding) 1.29.37
	运行在以下环境
	系统	alibaba_cloud_linux_2.1903	rhsm-gtk	*		Up to (excluding) 1.24.52-2.1.al7
	运行在以下环境
	系统	anolis_os_7	subscription-manager-plugin-ostree	*		Up to (excluding) 1.24.52-2
	运行在以下环境
	系统	fedoraproject	fedora	37	-
	运行在以下环境
	系统	fedoraproject	fedora	38	-
	运行在以下环境
	系统	fedora_37	subscription-manager-debugsource	*		Up to (excluding) 1.29.37-1.fc37
	运行在以下环境
	系统	fedora_38	subscription-manager-debugsource	*		Up to (excluding) 1.29.37-1.fc38
	运行在以下环境
	系统	redhat	enterprise_linux	8.0	-
	运行在以下环境
	系统	redhat	enterprise_linux	9.0	-
	运行在以下环境
	系统	redhat	enterprise_linux_desktop	7.0	-
	运行在以下环境
	系统	redhat	enterprise_linux_eus	8.6	-
	运行在以下环境
	系统	redhat	enterprise_linux_eus	8.8	-
	运行在以下环境
	系统	redhat	enterprise_linux_eus	9.0	-
	运行在以下环境
	系统	redhat	enterprise_linux_eus	9.2	-
	运行在以下环境
	系统	redhat	enterprise_linux_for_arm_64	8.0	-
	运行在以下环境
	系统	redhat	enterprise_linux_for_arm_64	9.0	-
	运行在以下环境
	系统	redhat	enterprise_linux_for_arm_64	9.2	-
	运行在以下环境
	系统	redhat	enterprise_linux_for_arm_64_eus	8.6	-
	运行在以下环境
	系统	redhat	enterprise_linux_for_arm_64_eus	8.8	-
	运行在以下环境
	系统	redhat	enterprise_linux_for_arm_64_eus	9.0	-
	运行在以下环境
	系统	redhat	enterprise_linux_for_arm_64_eus	9.2	-
	运行在以下环境
	系统	redhat	enterprise_linux_for_ibm_z_systems	7.0	-
	运行在以下环境
	系统	redhat	enterprise_linux_for_ibm_z_systems	8.0	-
	运行在以下环境
	系统	redhat	enterprise_linux_for_ibm_z_systems	9.0	-
	运行在以下环境
	系统	redhat	enterprise_linux_for_ibm_z_systems	9.2	-
	运行在以下环境
系统	redhat	enterprise_linux_for_ibm_z_systems_eus	8.6	-
运行在以下环境
系统	redhat	enterprise_linux_for_ibm_z_systems_eus	8.8	-
运行在以下环境
系统	redhat	enterprise_linux_for_ibm_z_systems_eus	9.0	-
运行在以下环境
系统	redhat	enterprise_linux_for_ibm_z_systems_eus	9.2	-
运行在以下环境
系统	redhat	enterprise_linux_for_power_big_endian	7.0	-
运行在以下环境
系统	redhat	enterprise_linux_for_power_little_endian	7.0	-
运行在以下环境
系统	redhat	enterprise_linux_for_power_little_endian	8.0	-
运行在以下环境
系统	redhat	enterprise_linux_for_power_little_endian	9.0	-
运行在以下环境
系统	redhat	enterprise_linux_for_power_little_endian_eus	8.8	-
运行在以下环境
系统	redhat	enterprise_linux_for_power_little_endian_eus	9.0	-
运行在以下环境
系统	redhat	enterprise_linux_for_power_little_endian_eus	9.2	-
运行在以下环境
系统	redhat	enterprise_linux_for_scientific_computing	7.0	-
运行在以下环境
系统	redhat	enterprise_linux_server	7.0	-
运行在以下环境
系统	redhat	enterprise_linux_server_aus	8.2	-
运行在以下环境
系统	redhat	enterprise_linux_server_aus	8.4	-
运行在以下环境
系统	redhat	enterprise_linux_server_aus	8.6	-
运行在以下环境
系统	redhat	enterprise_linux_server_aus	9.2	-
运行在以下环境
系统	redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	8.1	-
运行在以下环境
系统	redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	8.2	-
运行在以下环境
系统	redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	8.4	-
运行在以下环境
系统	redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	8.6	-
运行在以下环境
系统	redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	8.8	-
运行在以下环境
系统	redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	9.0	-
运行在以下环境
系统	redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	9.2	-
运行在以下环境
系统	redhat	enterprise_linux_server_tus	8.2	-
运行在以下环境
系统	redhat	enterprise_linux_server_tus	8.4	-
运行在以下环境
系统	redhat	enterprise_linux_server_tus	8.6	-
运行在以下环境
系统	redhat	enterprise_linux_server_tus	8.8	-
运行在以下环境
系统	redhat	enterprise_linux_server_update_services_for_sap_solutions	9.0	-
运行在以下环境
系统	redhat	enterprise_linux_server_update_services_for_sap_solutions	9.2	-
运行在以下环境
系统	redhat	enterprise_linux_workstation	7.0	-
运行在以下环境
系统	redhat_7	subscription-manager-migration	*		Up to (excluding) 1.24.52-2.el7_9
运行在以下环境
系统	redhat_8	subscription-manager-migration	*		Up to (excluding) 1.28.36-3.el8_8
运行在以下环境
系统	redhat_9	subscription-manager-debuginfo	*		Up to (excluding) 1.29.33.1-2.el9_2

阿里云评分 2.8

• 攻击路径 本地
• 攻击复杂度 困难
• 权限要求 无需权限
• 影响范围 有限影响
• EXP成熟度 未验证
• 补丁情况 官方补丁
• 数据保密性 无影响
• 数据完整性 无影响
• 服务器危害 无影响
• 全网数量 N/A

CWE-ID	漏洞类型
CWE-863	授权机制不正确

Exp相关链接

- avd.aliyun.com