PT-2022-6516 · Suse · Suse Linux Enterprise Module For Sap Applications+3
Johannes Segitz
·
Published
2022-11-11
·
Updated
2023-02-24
·
CVE-2022-45153
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
SUSE Linux Enterprise Module for SAP Applications 15-SP1 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e
SUSE Linux Enterprise Server for SAP 12-SP5 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e
openSUSE Leap 15.4 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e
Description
The issue is related to incorrect default permissions in the saphanabootstrap-formula of affected operating systems, allowing local attackers to escalate to root by manipulating the sudo configuration. This can be exploited by executing commands with elevated privileges.
Recommendations
For SUSE Linux Enterprise Module for SAP Applications 15-SP1 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e, update to version 0.13.1+git.1667812208.4db963e or later.
For SUSE Linux Enterprise Server for SAP 12-SP5 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e, update to version 0.13.1+git.1667812208.4db963e or later.
For openSUSE Leap 15.4 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e, update to version 0.13.1+git.1667812208.4db963e or later.
As a temporary workaround, consider restricting access to the sudo configuration to minimize the risk of exploitation.
Exploit
Fix
Incorrect Default Permissions
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Suse Linux Enterprise Module For Sap Applications
Suse Linux Enterprise Server For Sap
Suse
Opensuse Leap