Описание
Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. NOTE: Some third parties have indicated the fix in 3.5 does not adequately address the vulnerability. The argument is that the proposed patch prevents dmidecode from writing to an existing file. However, there are multiple attack vectors that would not require overwriting an existing file that would provide the same level of unauthorized privilege escalation (e.g. creating a new file in /etc/cron.hourly).
A vulnerability was found in dmidecode, which allows -dump-bin to overwrite a local file. This issue may lead to the execution of dmidecode via Sudo.
Отчет
The impact of the CVE marked as moderate as this CVE relies on an improbable non-default configuration of allowing an unprivileged user to run demidecode under sudo with a specific insecure configuration in the sudoers file. Using dmidecode in such a manner is no different than allowing any other tool to unexpectedly run with elevated privileges.
Меры по смягчению последствий
Do not configure sudoers file to allow running dmidecode with elevated privileges.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | dmidecode | Out of support scope | ||
| Red Hat Enterprise Linux 7 | dmidecode | Out of support scope | ||
| Red Hat Enterprise Linux 8 | dmidecode | Fixed | RHSA-2023:5252 | 19.09.2023 |
| Red Hat Enterprise Linux 9 | dmidecode | Fixed | RHSA-2023:5061 | 12.09.2023 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.1 High
CVSS3
Связанные уязвимости
Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible.
Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. NOTE: Some third parties have indicated the fix in 3.5 does not adequately address the vulnerability. The argument is that the proposed patch prevents dmidecode from writing to an existing file. However, there are multiple attack vectors that would not require overwriting an existing file that would provide the same level of unauthorized privilege escalation (e.g. creating a new file in /etc/cron.hourly).
Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This ...
EPSS
7.1 High
CVSS3