PT-2023-2142 · SUSE · openSUSE Leap 15.4 +6

Johannes Segitz · Published 2023-01-03 · Updated 2024-06-15 · CVE-2022-31254

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SUSE Linux Enterprise Server for SAP 15: rmt-server versions prior to 2.10
SUSE Linux Enterprise Server for SAP 15-SP1: rmt-server versions prior to 2.10
SUSE Manager Server 4.1: rmt-server versions prior to 2.10
openSUSE Leap 15.3: rmt-server versions prior to 2.10
openSUSE Leap 15.4: rmt-server versions prior to 2.10

Description

Incorrect default permissions in the rmt-server-regsharing service of SUSE Linux Enterprise Server allow local attackers with access to the rmt user to escalate privileges to root.

Recommendations

SUSE Linux Enterprise Server for SAP 15: update rmt-server to version 2.10 or later.
SUSE Linux Enterprise Server for SAP 15-SP1: update rmt-server to version 2.10 or later.
SUSE Manager Server 4.1: update rmt-server to version 2.10 or later.
openSUSE Leap 15.3: update rmt-server to version 2.10 or later.
openSUSE Leap 15.4: update rmt-server to version 2.10 or later.

Incorrect Default Permissions

Weakness Enumeration

Related Identifiers

BDU:2023-01882
CVE-2022-31254
OPENSUSE-SU-2023_0019-1
OPENSUSE-SU-2023_0020-1
OPENSUSE-SU-2024:12886-1
SUSE-SU-2023:0019-1
SUSE-SU-2023:0020-1
SUSE-SU-2023:0021-1
SUSE-SU-2023:0022-1
SUSE-SU-2023:0023-1
SUSE-SU-2023:2781-1
SUSE-SU-2023_0019-1
SUSE-SU-2023_0020-1
SUSE-SU-2023_0021-1
SUSE-SU-2023_0022-1
SUSE-SU-2023_0023-1
SUSE-SU-2023_2781-1

Affected Products

SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Manager Server 4.1
SUSE
openSUSE Leap 15.3
openSUSE Leap 15.4
rmt-server