A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.

According to the versions of the subscription-manager packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate     authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users     that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a     low-privileged local user could tamper with the state of the registration, by unregistering the system or     by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration     directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an     unconfined root. (CVE-2023-3899)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4701 advisory.

  - A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate     authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users     that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a     low-privileged local user could tamper with the state of the registration, by unregistering the system or     by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration     directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an     unconfined root. (CVE-2023-3899)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-0f2f9bc779 advisory.

  - A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate     authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users     that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a     low-privileged local user could tamper with the state of the registration, by unregistering the system or     by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration     directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an     unconfined root. (CVE-2023-3899)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-29a012c0db advisory.

  - A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate     authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users     that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a     low-privileged local user could tamper with the state of the registration, by unregistering the system or     by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration     directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an     unconfined root. (CVE-2023-3899)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:4706 advisory.

  - A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate     authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users     that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a     low-privileged local user could tamper with the state of the registration, by unregistering the system or     by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration     directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an     unconfined root. (CVE-2023-3899)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:4706 advisory.

  - A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate     authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users     that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a     low-privileged local user could tamper with the state of the registration, by unregistering the system or     by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration     directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an     unconfined root. (CVE-2023-3899)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:4708 advisory.

  - A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate     authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users     that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a     low-privileged local user could tamper with the state of the registration, by unregistering the system or     by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration     directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an     unconfined root. (CVE-2023-3899)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:4708 advisory.

  - A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate     authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users     that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a     low-privileged local user could tamper with the state of the registration, by unregistering the system or     by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration     directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an     unconfined root. (CVE-2023-3899)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4702 advisory.

  - subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus interface allows local users to     modify configuration (CVE-2023-3899)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4701 advisory.

  - subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus interface allows local users to     modify configuration (CVE-2023-3899)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4707 advisory.

  - subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus interface allows local users to     modify configuration (CVE-2023-3899)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4705 advisory.

  - subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus interface allows local users to     modify configuration (CVE-2023-3899)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4708 advisory.

  - subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus interface allows local users to     modify configuration (CVE-2023-3899)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4704 advisory.

  - subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus interface allows local users to     modify configuration (CVE-2023-3899)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4703 advisory.

  - subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus interface allows local users to     modify configuration (CVE-2023-3899)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4706 advisory.

  - subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus interface allows local users to     modify configuration (CVE-2023-3899)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
191880	EulerOS 2.0 SP8 : subscription-manager (EulerOS-SA-2024-1302)	Nessus	Huawei Local Security Checks	high
187262	CentOS 7 : subscription-manager (RHSA-2023:4701)	Nessus	CentOS Local Security Checks	high
180440	Fedora 37 : subscription-manager (2023-0f2f9bc779)	Nessus	Fedora Local Security Checks	high
180437	Fedora 38 : subscription-manager (2023-29a012c0db)	Nessus	Fedora Local Security Checks	high
180219	Rocky Linux 8 : subscription-manager (RLSA-2023:4706)	Nessus	Rocky Linux Local Security Checks	high
180177	AlmaLinux 8 : subscription-manager (ALSA-2023:4706)	Nessus	Alma Linux Local Security Checks	high
180158	Rocky Linux 9 : subscription-manager (RLSA-2023:4708)	Nessus	Rocky Linux Local Security Checks	high
180078	AlmaLinux 9 : subscription-manager (ALSA-2023:4708)	Nessus	Alma Linux Local Security Checks	high
180037	RHEL 8 : subscription-manager (RHSA-2023:4702)	Nessus	Red Hat Local Security Checks	high
180036	RHEL 7 : subscription-manager (RHSA-2023:4701)	Nessus	Red Hat Local Security Checks	high
180035	RHEL 9 : subscription-manager (RHSA-2023:4707)	Nessus	Red Hat Local Security Checks	high
180034	RHEL 8 : subscription-manager (RHSA-2023:4705)	Nessus	Red Hat Local Security Checks	high
180033	RHEL 9 : subscription-manager (RHSA-2023:4708)	Nessus	Red Hat Local Security Checks	high
180032	RHEL 8 : subscription-manager (RHSA-2023:4704)	Nessus	Red Hat Local Security Checks	high
180031	RHEL 8 : subscription-manager (RHSA-2023:4703)	Nessus	Red Hat Local Security Checks	high
180030	RHEL 8 : subscription-manager (RHSA-2023:4706)	Nessus	Red Hat Local Security Checks	high

Detections

Analytics

CVE-2023-3899

high

Tenable Plugins

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high