CVE-2023-3899 Information
Description
A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method a low-privileged local user could tamper with the state of the registration by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf which can be abused to cause a local privilege escalation to an unconfined root.
Reference
https://access.redhat.com/errata/RHSA-2023:4705 https://access.redhat.com/errata/RHSA-2023:4706 https://bugzilla.redhat.com/show_bug.cgi?id=2225407 https://access.redhat.com/errata/RHSA-2023:4707 https://access.redhat.com/errata/RHSA-2023:4708 https://access.redhat.com/errata/RHSA-2023:4701 https://access.redhat.com/errata/RHSA-2023:4702 https://access.redhat.com/errata/RHSA-2023:4703 https://access.redhat.com/errata/RHSA-2023:4704 https://access.redhat.com/security/cve/CVE-2023-3899
Share on: