Описание
A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local user or attacker could create the /var/tmp/insights-client directory (owning the directory with read, write, and execute permissions) on the system. After the insights-client is registered by root, an attacker could then control the directory content that insights are using by putting malicious scripts into it and executing arbitrary code as root (trivially bypassing SELinux protections because insights processes are allowed to disable SELinux system-wide).
Отчет
To exploit this CVE, in normal situations the attacker must have unprivileged access to the system before Insights is run for the first time on the system. Systems that are already running Insights on a regular frequent schedule should not consider themselves vulnerable. in other words, If Insights is registered before unprivileged users are given access, this specific problem doesn't appear to arise.
Меры по смягчению последствий
Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | insights-client | Out of support scope | ||
| Red Hat Enterprise Linux 7 | insights-client | Fixed | RHSA-2023:6795 | 08.11.2023 |
| Red Hat Enterprise Linux 8 | insights-client | Fixed | RHSA-2023:6283 | 02.11.2023 |
| Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | insights-client | Fixed | RHSA-2023:6811 | 08.11.2023 |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | insights-client | Fixed | RHSA-2023:6264 | 02.11.2023 |
| Red Hat Enterprise Linux 8.2 Telecommunications Update Service | insights-client | Fixed | RHSA-2023:6264 | 02.11.2023 |
| Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions | insights-client | Fixed | RHSA-2023:6264 | 02.11.2023 |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | insights-client | Fixed | RHSA-2023:6798 | 08.11.2023 |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | insights-client | Fixed | RHSA-2023:6798 | 08.11.2023 |
| Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | insights-client | Fixed | RHSA-2023:6798 | 08.11.2023 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.8 High
CVSS3
Связанные уязвимости
A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local user or attacker could create the /var/tmp/insights-client directory (owning the directory with read, write, and execute permissions) on the system. After the insights-client is registered by root, an attacker could then control the directory content that insights are using by putting malicious scripts into it and executing arbitrary code as root (trivially bypassing SELinux protections because insights processes are allowed to disable SELinux system-wide).
A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local user or attacker could create the /var/tmp/insights-client directory (owning the directory with read, write, and execute permissions) on the system. After the insights-client is registered by root, an attacker could then control the directory content that insights are using by putting malicious scripts into it and executing arbitrary code as root (trivially bypassing SELinux protections because insights processes are allowed to disable SELinux system-wide).
Уязвимость оболочки клиентского API Insights-Client, связанная с созданием временных файлов с небезопасными разрешениями, позволяющая нарушителю повысить свои привилегии
EPSS
7.8 High
CVSS3