CVE-2023-3899 - Vulnerability Details

CVE-2023-3899 - Subscription-manager: inadequate authorization of com.redhat.rhsm1 d-bus interface allows local users to modify configuration

A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Fedoraproject	Fedora
Redhat	Enterprise Linux Enterprise Linux Desktop Enterprise Linux Eus Enterprise Linux For Arm 64 Enterprise Linux For Arm 64 Eus Enterprise Linux For Ibm Z Systems Enterprise Linux For Ibm Z Systems Eus Enterprise Linux For Power Big Endian Enterprise Linux For Power Little Endian Enterprise Linux For Power Little Endian Eus Enterprise Linux For Scientific Computing Enterprise Linux Server Enterprise Linux Server Aus Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Enterprise Linux Server Tus Enterprise Linux Server Update Services For Sap Solutions Enterprise Linux Update Services For Sap Solutions Enterprise Linux Workstation Rhel Aus Rhel E4s Rhel Eus Rhel Tus Subscription-manager

Configuration 1 [-]

OR	cpe:2.3:a:redhat:subscription-manager::::::::
	cpe:2.3:a:redhat:subscription-manager::::::::

Configuration 2 [-]

OR	cpe:2.3:o:fedoraproject:fedora:37:::::::*
	cpe:2.3:o:fedoraproject:fedora:38:::::::*

Configuration 3 [-]

OR	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:8.8:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.1:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.8:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.1:::::::*
	cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.8:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 7
subscription-manager-0:1.24.52-2.el7_9	cpe:/o:redhat:enterprise_linux:7	RHSA-2023:4701	2023-08-22T00:00:00Z
Red Hat Enterprise Linux 8
subscription-manager-0:1.28.36-3.el8_8	cpe:/a:redhat:enterprise_linux:8	RHSA-2023:4706	2023-08-22T00:00:00Z
subscription-manager-0:1.28.36-3.el8_8	cpe:/o:redhat:enterprise_linux:8	RHSA-2023:4706	2023-08-22T00:00:00Z
Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions
subscription-manager-0:1.25.17.1-2.el8_1	cpe:/a:redhat:rhel_e4s:8.1	RHSA-2023:4702	2023-08-22T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support
subscription-manager-0:1.26.22-2.el8_2	cpe:/a:redhat:rhel_aus:8.2	RHSA-2023:4703	2023-08-22T00:00:00Z
Red Hat Enterprise Linux 8.2 Telecommunications Update Service
subscription-manager-0:1.26.22-2.el8_2	cpe:/a:redhat:rhel_tus:8.2	RHSA-2023:4703	2023-08-22T00:00:00Z
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
subscription-manager-0:1.26.22-2.el8_2	cpe:/a:redhat:rhel_e4s:8.2	RHSA-2023:4703	2023-08-22T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
subscription-manager-0:1.28.13-7.el8_4	cpe:/a:redhat:rhel_aus:8.4	RHSA-2023:4704	2023-08-22T00:00:00Z
Red Hat Enterprise Linux 8.4 Telecommunications Update Service
subscription-manager-0:1.28.13-7.el8_4	cpe:/a:redhat:rhel_tus:8.4	RHSA-2023:4704	2023-08-22T00:00:00Z
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
subscription-manager-0:1.28.13-7.el8_4	cpe:/a:redhat:rhel_e4s:8.4	RHSA-2023:4704	2023-08-22T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support
subscription-manager-0:1.28.29.1-2.el8_6	cpe:/a:redhat:rhel_eus:8.6	RHSA-2023:4705	2023-08-22T00:00:00Z
Red Hat Enterprise Linux 9
subscription-manager-0:1.29.33.1-2.el9_2	cpe:/o:redhat:enterprise_linux:9	RHSA-2023:4708	2023-08-22T00:00:00Z
Red Hat Enterprise Linux 9.0 Extended Update Support
subscription-manager-0:1.29.26.2-2.el9_0	cpe:/o:redhat:rhel_eus:9.0	RHSA-2023:4707	2023-08-22T00:00:00Z

References

Link	Providers
https://access.redhat.com/errata/RHSA-2023:4701
https://access.redhat.com/errata/RHSA-2023:4702
https://access.redhat.com/errata/RHSA-2023:4703
https://access.redhat.com/errata/RHSA-2023:4704
https://access.redhat.com/errata/RHSA-2023:4705
https://access.redhat.com/errata/RHSA-2023:4706
https://access.redhat.com/errata/RHSA-2023:4707
https://access.redhat.com/errata/RHSA-2023:4708
https://access.redhat.com/security/cve/CVE-2023-3899
https://bugzilla.redhat.com/show_bug.cgi?id=2225407
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FJHKSBBZRDFOBNDU35FUKMYQIQYT6UJQ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDIHGNLS3TZVX7X2F735OKI4KXPY4AH6/
https://nvd.nist.gov/vuln/detail/CVE-2023-3899
https://www.cve.org/CVERecord?id=CVE-2023-3899

History

Fri, 22 Nov 2024 12:00:00 +0000

Type	Values Removed	Values Added
References		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FJHKSBBZRDFOBNDU35FUKMYQIQYT6UJQ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDIHGNLS3TZVX7X2F735OKI4KXPY4AH6/

Mon, 16 Sep 2024 13:30:00 +0000

Type	Values Removed	Values Added
References	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FJHKSBBZRDFOBNDU35FUKMYQIQYT6UJQ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDIHGNLS3TZVX7X2F735OKI4KXPY4AH6/

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2023-08-23T10:49:11.684Z

Updated: 2024-11-23T00:07:47.908Z

Reserved: 2023-07-25T10:15:36.274Z

Link: CVE-2023-3899

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-08-23T11:15:07.573

Modified: 2024-11-21T08:18:19.280

Link: CVE-2023-3899

Redhat

Severity : Important

Publid Date: 2023-08-22T14:00:00Z

Links: CVE-2023-3899 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object