CVE-2017-2663

Published: Jul 27, 2018Modified: Nov 21, 2024

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

It was found that subscription-manager's DBus interface before 1.19.4 let unprivileged user access the com.redhat.RHSM1.Facts.GetFacts and com.redhat.RHSM1.Config.Set methods. An unprivileged local attacker could use these methods to gain access to private information, or launch a privilege escalation attack.

Affected (1)

Products: Redhat: Subscription Manager

1 product

Subscription Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Subscription Manager	Before 1.19.4

Related CWEs

Privilege Context Switching Error

The product does not properly manage privileges while it is switching between different contexts that have different privileges or spheres of control.

References (6)

http://www.securityfocus.com/bid/97015

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2663

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://github.com/candlepin/subscription-manager/commit/2aa48ef65

Source: secalert@redhat.com

PatchThird Party Advisory

http://www.securityfocus.com/bid/97015

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2663

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://github.com/candlepin/subscription-manager/commit/2aa48ef65

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.