A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.

According to the versions of the subscription-manager packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate     authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users     that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a     low-privileged local user could tamper with the state of the registration, by unregistering the system or     by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration     directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an     unconfined root. (CVE-2023-3899)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4701 advisory.

  - A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate     authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users     that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a     low-privileged local user could tamper with the state of the registration, by unregistering the system or     by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration     directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an     unconfined root. (CVE-2023-3899)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-0f2f9bc779 advisory.

    Automatic update for subscription-manager-1.29.37-1.fc37.

    ##### **Changelog for subscription-manager**

    ```
    * Wed Aug 23 2023 Packit <hello@packit.dev> - 1.29.37-1
    - Automatic commit of package [subscription-manager] release [1.29.37-1]. (Pino Toscano)
    - Translated using Weblate (Korean) ()
    - Update translation files (Weblate)
    - 2225446: Hotfix of D-Bus policy (Jiri Hnidek)
    - TESTING: Update testing requirements (Matyas Horky)
    - Use Fedora registry to pull container images (Matyas Horky)
    - 2232316: dbus: check force again from the registration option (Pino Toscano)
    - dbus: run EntCertActionInvoker on PoolAttach (Pino Toscano)
    - ENT-5624: Properly translate error strings (Matyas Horky)
    - Mock IOError for Insights fact collection tests (Matyas Horky)
    - New extraction for translatable strings (Pino Toscano)

    ```


Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-29a012c0db advisory.

    Automatic update for subscription-manager-1.29.37-1.fc38.

    ##### **Changelog for subscription-manager**

    ```
    * Wed Aug 23 2023 Packit <hello@packit.dev> - 1.29.37-1
    - Automatic commit of package [subscription-manager] release [1.29.37-1]. (Pino Toscano)
    - Translated using Weblate (Korean) ()
    - Update translation files (Weblate)
    - 2225446: Hotfix of D-Bus policy (Jiri Hnidek)
    - TESTING: Update testing requirements (Matyas Horky)
    - Use Fedora registry to pull container images (Matyas Horky)
    - 2232316: dbus: check force again from the registration option (Pino Toscano)
    - dbus: run EntCertActionInvoker on PoolAttach (Pino Toscano)
    - ENT-5624: Properly translate error strings (Matyas Horky)
    - Mock IOError for Insights fact collection tests (Matyas Horky)
    - New extraction for translatable strings (Pino Toscano)

    ```


Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:4706 advisory.

  - A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate     authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users     that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a     low-privileged local user could tamper with the state of the registration, by unregistering the system or     by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration     directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an     unconfined root. (CVE-2023-3899)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:4706 advisory.

  - A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate     authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users     that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a     low-privileged local user could tamper with the state of the registration, by unregistering the system or     by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration     directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an     unconfined root. (CVE-2023-3899)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:4708 advisory.

  - A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate     authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users     that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a     low-privileged local user could tamper with the state of the registration, by unregistering the system or     by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration     directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an     unconfined root. (CVE-2023-3899)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:4708 advisory.

  - A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate     authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users     that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a     low-privileged local user could tamper with the state of the registration, by unregistering the system or     by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration     directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an     unconfined root. (CVE-2023-3899)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4702 advisory.

    The subscription-manager packages provide programs and libraries to allow users to manage subscriptions     and yum repositories from the Red Hat entitlement platform.

    Security Fix(es):

    * subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus interface allows local users to     modify configuration (CVE-2023-3899)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4701 advisory.

    The subscription-manager packages provide programs and libraries to allow users to manage subscriptions     and yum repositories from the Red Hat entitlement platform.

    Security Fix(es):

    * subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus interface allows local users to     modify configuration (CVE-2023-3899)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4707 advisory.

    The subscription-manager packages provide programs and libraries to allow users to manage subscriptions     and yum repositories from the Red Hat entitlement platform.

    Security Fix(es):

    * subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus interface allows local users to     modify configuration (CVE-2023-3899)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4705 advisory.

    The subscription-manager packages provide programs and libraries to allow users to manage subscriptions     and yum repositories from the Red Hat entitlement platform.

    Security Fix(es):

    * subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus interface allows local users to     modify configuration (CVE-2023-3899)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4708 advisory.

    The subscription-manager packages provide programs and libraries to allow users to manage subscriptions     and yum repositories from the Red Hat entitlement platform.

    Security Fix(es):

    * subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus interface allows local users to     modify configuration (CVE-2023-3899)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4704 advisory.

    The subscription-manager packages provide programs and libraries to allow users to manage subscriptions     and yum repositories from the Red Hat entitlement platform.

    Security Fix(es):

    * subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus interface allows local users to     modify configuration (CVE-2023-3899)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4703 advisory.

    The subscription-manager packages provide programs and libraries to allow users to manage subscriptions     and yum repositories from the Red Hat entitlement platform.

    Security Fix(es):

    * subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus interface allows local users to     modify configuration (CVE-2023-3899)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4706 advisory.

    The subscription-manager packages provide programs and libraries to allow users to manage subscriptions     and yum repositories from the Red Hat entitlement platform.

    Security Fix(es):

    * subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus interface allows local users to     modify configuration (CVE-2023-3899)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
191880	EulerOS 2.0 SP8 : subscription-manager (EulerOS-SA-2024-1302)	Nessus	Huawei Local Security Checks	high
187262	CentOS 7 : subscription-manager (RHSA-2023:4701)	Nessus	CentOS Local Security Checks	high
180440	Fedora 37 : subscription-manager (2023-0f2f9bc779)	Nessus	Fedora Local Security Checks	high
180437	Fedora 38 : subscription-manager (2023-29a012c0db)	Nessus	Fedora Local Security Checks	high
180219	Rocky Linux 8 : subscription-manager (RLSA-2023:4706)	Nessus	Rocky Linux Local Security Checks	high
180177	AlmaLinux 8 : subscription-manager (ALSA-2023:4706)	Nessus	Alma Linux Local Security Checks	high
180158	Rocky Linux 9 : subscription-manager (RLSA-2023:4708)	Nessus	Rocky Linux Local Security Checks	high
180078	AlmaLinux 9 : subscription-manager (ALSA-2023:4708)	Nessus	Alma Linux Local Security Checks	high
180037	RHEL 8 : subscription-manager (RHSA-2023:4702)	Nessus	Red Hat Local Security Checks	high
180036	RHEL 7 : subscription-manager (RHSA-2023:4701)	Nessus	Red Hat Local Security Checks	high
180035	RHEL 9 : subscription-manager (RHSA-2023:4707)	Nessus	Red Hat Local Security Checks	high
180034	RHEL 8 : subscription-manager (RHSA-2023:4705)	Nessus	Red Hat Local Security Checks	high
180033	RHEL 9 : subscription-manager (RHSA-2023:4708)	Nessus	Red Hat Local Security Checks	high
180032	RHEL 8 : subscription-manager (RHSA-2023:4704)	Nessus	Red Hat Local Security Checks	high
180031	RHEL 8 : subscription-manager (RHSA-2023:4703)	Nessus	Red Hat Local Security Checks	high
180030	RHEL 8 : subscription-manager (RHSA-2023:4706)	Nessus	Red Hat Local Security Checks	high

Detections

Analytics

CVE-2023-3899

high

Tenable Plugins

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high