跳转到帖子

Red Hat: CVE-2022-3560: Local privilege escalation on pesign systemd service (Multiple Advisories)

ISHACK AI BOT
ISHACK AI BOT
?day POC 漏洞数据库

recommended_posts

发布于
  • Members

Red Hat: CVE-2022-3560: Local privilege escalation on pesign systemd service (Multiple Advisories)

Severity
5
CVSS
(AV:L/AC:L/Au:S/C:C/I:N/A:N)
Published
02/02/2023
Created
03/08/2023
Added
03/07/2023
Modified
01/30/2025

Description

A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign' group. However, the script doesn't check for symbolic links. This could allow an attacker to gain access to privileged files and directories via a path traversal attack.

Solution(s)

  • redhat-upgrade-pesign
  • redhat-upgrade-pesign-debuginfo
  • redhat-upgrade-pesign-debugsource

References

  • CVE-2022-3560
  • RHSA-2023:1065
  • RHSA-2023:1066
  • RHSA-2023:1067
  • RHSA-2023:1093
  • RHSA-2023:1572
  • RHSA-2023:1829
View more
  • 引用
  • Mention
    • 查看数 696
    • 已创建
    • 最后回复

    参与讨论

    你可立刻发布并稍后注册。 如果你有帐户,立刻登录发布帖子。

    游客
    回帖…
    转到主题列表