CVE-2023-3972: Insights-client: unsafe handling of temporary files and directories
First published: Thu Jul 27 2023(Updated: )
A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local user or attacker could create the /var/tmp/insights-client directory (owning the directory with read, write, and execute permissions) on the system. After the insights-client is registered by root, an attacker could then control the directory content that insights are using by putting malicious scripts into it and executing arbitrary code as root (trivially bypassing SELinux protections because insights processes are allowed to disable SELinux system-wide).
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/insights-client | <3.2.2 | 3.2.2 |
| Red Hat Insights Client | <3.2.2 | |
| Red Hat Enterprise Linux | =7.0 | |
| Red Hat Enterprise Linux | =8.0 | |
| Red Hat Enterprise Linux | =9.0 | |
| Red Hat Enterprise Linux | =8.6 | |
| Red Hat Enterprise Linux Desktop | =7.0 | |
| Red Hat Enterprise Linux Server EUS | =8.6 | |
| Red Hat Enterprise Linux Server EUS | =8.8 | |
| Red Hat Enterprise Linux Server EUS | =9.0 | |
| Red Hat Enterprise Linux Server EUS | =9.2 | |
| Red Hat Enterprise Linux | =8.0 | |
| Red Hat Enterprise Linux for ARM64 EUS | =8.6 | |
| Red Hat Enterprise Linux for ARM64 EUS | =8.8 | |
| Red Hat Enterprise Linux for ARM64 EUS | =9.0 | |
| Red Hat Enterprise Linux for ARM64 EUS | =9.2 | |
| Red Hat Enterprise Linux for IBM Z Systems | =7.0 | |
| Red Hat Enterprise Linux for IBM Z Systems | =8.0 | |
| Red Hat Enterprise Linux for IBM Z Systems | =9.0 | |
| Red Hat Enterprise Linux for IBM Z Systems (s390x) | =8.6 | |
| Red Hat Enterprise Linux for IBM Z Systems (s390x) | =8.8 | |
| Red Hat Enterprise Linux for IBM Z Systems (s390x) | =9.0 | |
| Red Hat Enterprise Linux for IBM Z Systems (s390x) | =9.2 | |
| Red Hat Enterprise Linux for Power, big endian | =7.0 | |
| Red Hat Enterprise Linux for Power, little endian | =7.0 | |
| Red Hat Enterprise Linux for Power, little endian | =8.0 | |
| Red Hat Enterprise Linux for Power, little endian | =9.0 | |
| Red Hat Enterprise Linux for Power, little endian - Extended Update Support | =8.6 | |
| Red Hat Enterprise Linux for Power, little endian - Extended Update Support | =8.8 | |
| Red Hat Enterprise Linux for Power, little endian - Extended Update Support | =9.2 | |
| Red Hat Enterprise Linux for Scientific Computing | =7.0 | |
| Red Hat Enterprise Linux Server | =7.0 | |
| Red Hat Enterprise Linux Server | =8.2 | |
| Red Hat Enterprise Linux Server | =8.4 | |
| Red Hat Enterprise Linux Server | =9.2 | |
| Red Hat Enterprise Linux for SAP Applications for Power, little endian - Extended Update Support | =8.1 | |
| Red Hat Enterprise Linux for SAP Applications for Power, little endian - Extended Update Support | =8.2 | |
| Red Hat Enterprise Linux for SAP Applications for Power, little endian - Extended Update Support | =8.4 | |
| Red Hat Enterprise Linux for SAP Applications for Power, little endian - Extended Update Support | =8.6 | |
| Red Hat Enterprise Linux for SAP Applications for Power, little endian - Extended Update Support | =8.8 | |
| Red Hat Enterprise Linux for SAP Applications for Power, little endian - Extended Update Support | =9.0 | |
| Red Hat Enterprise Linux for SAP Applications for Power, little endian - Extended Update Support | =9.2 | |
| Red Hat Enterprise Linux Server | =8.2 | |
| Red Hat Enterprise Linux Server | =8.4 | |
| Red Hat Enterprise Linux Server | =8.6 | |
| Red Hat Enterprise Linux Server | =8.8 | |
| Red Hat Enterprise Linux Server Update Services for SAP Solutions | =9.2 | |
| Red Hat Enterprise Linux for SAP Solutions | =8.1 | |
| Red Hat Enterprise Linux for SAP Solutions | =8.2 | |
| Red Hat Enterprise Linux for SAP Solutions | =8.4 | |
| Red Hat Enterprise Linux for SAP Solutions | =8.6 | |
| Red Hat Enterprise Linux for SAP Solutions | =8.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/errata/RHSA-2023:6264
- https://access.redhat.com/errata/RHSA-2023:6282
- https://access.redhat.com/errata/RHSA-2023:6283
- https://access.redhat.com/errata/RHSA-2023:6284
- https://access.redhat.com/errata/RHSA-2023:6795
- https://access.redhat.com/errata/RHSA-2023:6796
- https://access.redhat.com/errata/RHSA-2023:6798
- https://access.redhat.com/errata/RHSA-2023:6811
- https://access.redhat.com/security/cve/CVE-2023-3972
- https://bugzilla.redhat.com/show_bug.cgi?id=2227027
- https://github.com/RedHatInsights/insights-core/pull/3878
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2222156
Frequently Asked Questions
What is the severity of CVE-2023-3972?
The severity of CVE-2023-3972 is high with a severity value of 7.8.
How does CVE-2023-3972 affect the insights-client software?
CVE-2023-3972 affects the insights-client software with versions up to and excluding 3.2.2.
Is Redhat Enterprise Linux affected by CVE-2023-3972?
Yes, Redhat Enterprise Linux versions 7.0, 8.0, and 9.0 are affected by CVE-2023-3972.
How can I fix CVE-2023-3972?
To fix CVE-2023-3972, update the insights-client software to version 3.2.2 or higher.
Where can I find more information about CVE-2023-3972?
You can find more information about CVE-2023-3972 in the Redhat security advisories RHSA-2023:6264, RHSA-2023:6282, and RHSA-2023:6283.
- agent/weakness
- agent/type
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-3972
- agent/software-canonical-lookup
- agent/references
- agent/remedy
- agent/severity
- agent/author
- agent/title
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/redhat
- canonical/red hat insights client
- canonical/red hat enterprise linux
- version/red hat enterprise linux/7.0
- version/red hat enterprise linux/8.0
- version/red hat enterprise linux/9.0
- version/red hat enterprise linux/8.6
- canonical/red hat enterprise linux desktop
- version/red hat enterprise linux desktop/7.0
- canonical/red hat enterprise linux server eus
- version/red hat enterprise linux server eus/8.6
- version/red hat enterprise linux server eus/8.8
- version/red hat enterprise linux server eus/9.0
- version/red hat enterprise linux server eus/9.2
- canonical/red hat enterprise linux for arm64 eus
- version/red hat enterprise linux for arm64 eus/8.6
- version/red hat enterprise linux for arm64 eus/8.8
- version/red hat enterprise linux for arm64 eus/9.0
- version/red hat enterprise linux for arm64 eus/9.2
- canonical/red hat enterprise linux for ibm z systems
- version/red hat enterprise linux for ibm z systems/7.0
- version/red hat enterprise linux for ibm z systems/8.0
- version/red hat enterprise linux for ibm z systems/9.0
- canonical/red hat enterprise linux for ibm z systems (s390x)
- version/red hat enterprise linux for ibm z systems (s390x)/8.6
- version/red hat enterprise linux for ibm z systems (s390x)/8.8
- version/red hat enterprise linux for ibm z systems (s390x)/9.0
- version/red hat enterprise linux for ibm z systems (s390x)/9.2
- canonical/red hat enterprise linux for power, big endian
- version/red hat enterprise linux for power, big endian/7.0
- canonical/red hat enterprise linux for power, little endian
- version/red hat enterprise linux for power, little endian/7.0
- version/red hat enterprise linux for power, little endian/8.0
- version/red hat enterprise linux for power, little endian/9.0
- canonical/red hat enterprise linux for power, little endian - extended update support
- version/red hat enterprise linux for power, little endian - extended update support/8.6
- version/red hat enterprise linux for power, little endian - extended update support/8.8
- version/red hat enterprise linux for power, little endian - extended update support/9.2
- canonical/red hat enterprise linux for scientific computing
- version/red hat enterprise linux for scientific computing/7.0
- canonical/red hat enterprise linux server
- version/red hat enterprise linux server/7.0
- version/red hat enterprise linux server/8.2
- version/red hat enterprise linux server/8.4
- version/red hat enterprise linux server/9.2
- canonical/red hat enterprise linux for sap applications for power, little endian - extended update support
- version/red hat enterprise linux for sap applications for power, little endian - extended update support/8.1
- version/red hat enterprise linux for sap applications for power, little endian - extended update support/8.2
- version/red hat enterprise linux for sap applications for power, little endian - extended update support/8.4
- version/red hat enterprise linux for sap applications for power, little endian - extended update support/8.6
- version/red hat enterprise linux for sap applications for power, little endian - extended update support/8.8
- version/red hat enterprise linux for sap applications for power, little endian - extended update support/9.0
- version/red hat enterprise linux for sap applications for power, little endian - extended update support/9.2
- version/red hat enterprise linux server/8.6
- version/red hat enterprise linux server/8.8
- canonical/red hat enterprise linux server update services for sap solutions
- version/red hat enterprise linux server update services for sap solutions/9.2
- canonical/red hat enterprise linux for sap solutions
- version/red hat enterprise linux for sap solutions/8.1
- version/red hat enterprise linux for sap solutions/8.2
- version/red hat enterprise linux for sap solutions/8.4
- version/red hat enterprise linux for sap solutions/8.6
- version/red hat enterprise linux for sap solutions/8.8