exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

CVE-2023-3972

Status Candidate

Overview

A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local user or attacker could create the /var/tmp/insights-client directory (owning the directory with read, write, and execute permissions) on the system. After the insights-client is registered by root, an attacker could then control the directory content that insights are using by putting malicious scripts into it and executing arbitrary code as root (trivially bypassing SELinux protections because insights processes are allowed to disable SELinux system-wide).

Related Files

Red Hat Security Advisory 2023-6811-01
Posted Nov 13, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-6811-01 - An update for insights-client is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-3972
SHA-256 | b80cd7d473f687dd15d7e0220e4e3c51aa24cafc3f3e60fae77838ef6ee112ab
Red Hat Security Advisory 2023-6798-01
Posted Nov 13, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-6798-01 - An update for insights-client is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-3972
SHA-256 | bc9943c370652b3a63684c15261cba9a57dca795f8af7ad6910cd7e485de1eb4
Red Hat Security Advisory 2023-6796-01
Posted Nov 13, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-6796-01 - An update for insights-client is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-3972
SHA-256 | 431a31e5169232cc79215b79179d6ca50da096a87d7976ee6347fe36a46d5eb6
Red Hat Security Advisory 2023-6795-01
Posted Nov 13, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-6795-01 - An update for insights-client is now available for Red Hat Enterprise Linux 7.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-3972
SHA-256 | ade2d3fadaa45b94776be61dfbe7b12e9f6744230b0b24dbe920676b1babd9db
Red Hat Security Advisory 2023-6284-01
Posted Nov 13, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-6284-01 - An update for insights-client is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-3972
SHA-256 | 4b8b02ff1c599e5898714fb177326d4122b6adb3f972d500dbb339c084e555a6
Red Hat Security Advisory 2023-6283-01
Posted Nov 13, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-6283-01 - An update for insights-client is now available for Red Hat Enterprise Linux 8.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-3972
SHA-256 | 4700486908694ce6b2fd04e08f36aa9ec3b3fed35459974daef85697fa334048
Red Hat Security Advisory 2023-6282-01
Posted Nov 13, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-6282-01 - An update for insights-client is now available for Red Hat Enterprise Linux 9.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-3972
SHA-256 | 3b5b1a86cc5bf104021ae1649ee378a4e5b292cbcf1b55a3460c46050ab6b922
Red Hat Security Advisory 2023-6264-01
Posted Nov 13, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-6264-01 - An update for insights-client is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-3972
SHA-256 | f9cd4065e70ee001b56cf69c909e76229f3e2de26567e1682e3474f0bfe4e14b
Page 1 of 1
Back1Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close