Bug 2135420 (CVE-2022-3560)
| Summary: | CVE-2022-3560 pesign: Local privilege escalation on pesign systemd service | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Marco Benatto <mbenatto> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | bootloader-eng-team, ogutierr, rharwood, rhughes, security-response-team |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | pesign-116 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign' group. However, the script doesn't check for symbolic links. This could allow an attacker to gain access to privileged files and directories via a path traversal attack.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2023-04-18 22:05:02 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2135819, 2135820, 2135821, 2135822, 2135823, 2135824, 2135825, 2135826, 2135827, 2135828, 2164235, 2164236, 2165983 | ||
| Bug Blocks: | 2134226 | ||
|
Description
Marco Benatto
2022-10-17 15:26:49 UTC
Created pesign tracking bugs for this issue: Affects: fedora-all [bug 2165983] This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:1065 https://access.redhat.com/errata/RHSA-2023:1065 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2023:1066 https://access.redhat.com/errata/RHSA-2023:1066 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:1067 https://access.redhat.com/errata/RHSA-2023:1067 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2023:1093 https://access.redhat.com/errata/RHSA-2023:1093 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions Red Hat Enterprise Linux 8.2 Telecommunications Update Service Via RHSA-2023:1107 https://access.redhat.com/errata/RHSA-2023:1107 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2023:1586 https://access.redhat.com/errata/RHSA-2023:1586 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:1572 https://access.redhat.com/errata/RHSA-2023:1572 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:1829 https://access.redhat.com/errata/RHSA-2023:1829 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-3560 |