CVE-2023-3972: Insights-client: unsafe handling of temporary files and directories
First published: Thu Jul 27 2023(Updated: )
A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local user or attacker could create the /var/tmp/insights-client directory (owning the directory with read, write, and execute permissions) on the system. After the insights-client is registered by root, an attacker could then control the directory content that insights are using by putting malicious scripts into it and executing arbitrary code as root (trivially bypassing SELinux protections because insights processes are allowed to disable SELinux system-wide).
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/insights-client | <3.2.2 | 3.2.2 |
| Redhat Insights-client | <3.2.2 | |
| Red Hat Enterprise Linux | =7.0 | |
| Red Hat Enterprise Linux | =8.0 | |
| Red Hat Enterprise Linux | =9.0 | |
| Redhat Enterprise Linux Aus | =8.6 | |
| Redhat Enterprise Linux Desktop | =7.0 | |
| Redhat Enterprise Linux Eus | =8.6 | |
| Redhat Enterprise Linux Eus | =8.8 | |
| Redhat Enterprise Linux Eus | =9.0 | |
| Redhat Enterprise Linux Eus | =9.2 | |
| Redhat Enterprise Linux For Arm 64 | =8.0 | |
| Redhat Enterprise Linux For Arm 64 Eus | =8.6 | |
| Redhat Enterprise Linux For Arm 64 Eus | =8.8 | |
| Redhat Enterprise Linux For Arm 64 Eus | =9.0 | |
| Redhat Enterprise Linux For Arm 64 Eus | =9.2 | |
| Redhat Enterprise Linux For Ibm Z Systems | =7.0 | |
| Redhat Enterprise Linux For Ibm Z Systems | =8.0 | |
| Redhat Enterprise Linux For Ibm Z Systems | =9.0 | |
| Redhat Enterprise Linux For Ibm Z Systems Eus | =8.6 | |
| Redhat Enterprise Linux For Ibm Z Systems Eus | =8.8 | |
| Redhat Enterprise Linux For Ibm Z Systems Eus | =9.0 | |
| Redhat Enterprise Linux For Ibm Z Systems Eus | =9.2 | |
| Redhat Enterprise Linux For Power Big Endian | =7.0 | |
| Redhat Enterprise Linux For Power Little Endian | =7.0 | |
| Redhat Enterprise Linux For Power Little Endian | =8.0 | |
| Redhat Enterprise Linux For Power Little Endian | =9.0 | |
| Redhat Enterprise Linux For Power Little Endian Eus | =8.6 | |
| Redhat Enterprise Linux For Power Little Endian Eus | =8.8 | |
| Redhat Enterprise Linux For Power Little Endian Eus | =9.2 | |
| Redhat Enterprise Linux For Scientific Computing | =7.0 | |
| Red Hat Enterprise Linux Server | =7.0 | |
| Red Hat Enterprise Linux Server | =8.2 | |
| Red Hat Enterprise Linux Server | =8.4 | |
| Red Hat Enterprise Linux Server | =9.2 | |
| Redhat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions | =8.1 | |
| Redhat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions | =8.2 | |
| Redhat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions | =8.4 | |
| Redhat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions | =8.6 | |
| Redhat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions | =8.8 | |
| Redhat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions | =9.0 | |
| Redhat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions | =9.2 | |
| Red Hat Enterprise Linux Server | =8.2 | |
| Red Hat Enterprise Linux Server | =8.4 | |
| Red Hat Enterprise Linux Server | =8.6 | |
| Red Hat Enterprise Linux Server | =8.8 | |
| Redhat Enterprise Linux Server Update Services For Sap Solutions | =9.2 | |
| Redhat Enterprise Linux Update Services For Sap Solutions | =8.1 | |
| Redhat Enterprise Linux Update Services For Sap Solutions | =8.2 | |
| Redhat Enterprise Linux Update Services For Sap Solutions | =8.4 | |
| Redhat Enterprise Linux Update Services For Sap Solutions | =8.6 | |
| Redhat Enterprise Linux Update Services For Sap Solutions | =8.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/errata/RHSA-2023:6264
- https://access.redhat.com/errata/RHSA-2023:6282
- https://access.redhat.com/errata/RHSA-2023:6283
- https://access.redhat.com/errata/RHSA-2023:6284
- https://access.redhat.com/errata/RHSA-2023:6795
- https://access.redhat.com/errata/RHSA-2023:6796
- https://access.redhat.com/errata/RHSA-2023:6798
- https://access.redhat.com/errata/RHSA-2023:6811
- https://access.redhat.com/security/cve/CVE-2023-3972
- https://bugzilla.redhat.com/show_bug.cgi?id=2227027
- https://github.com/RedHatInsights/insights-core/pull/3878
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2222156
Frequently Asked Questions
What is the severity of CVE-2023-3972?
The severity of CVE-2023-3972 is high with a severity value of 7.8.
How does CVE-2023-3972 affect the insights-client software?
CVE-2023-3972 affects the insights-client software with versions up to and excluding 3.2.2.
Is Redhat Enterprise Linux affected by CVE-2023-3972?
Yes, Redhat Enterprise Linux versions 7.0, 8.0, and 9.0 are affected by CVE-2023-3972.
How can I fix CVE-2023-3972?
To fix CVE-2023-3972, update the insights-client software to version 3.2.2 or higher.
Where can I find more information about CVE-2023-3972?
You can find more information about CVE-2023-3972 in the Redhat security advisories RHSA-2023:6264, RHSA-2023:6282, and RHSA-2023:6283.
- agent/weakness
- agent/type
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-3972
- agent/software-canonical-lookup
- agent/references
- agent/remedy
- agent/severity
- agent/author
- agent/title
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup-request
- agent/source
- agent/softwarecombine
- package-manager/redhat
- vendor/redhat
- canonical/redhat insights-client
- canonical/red hat enterprise linux
- version/red hat enterprise linux/7.0
- version/red hat enterprise linux/8.0
- version/red hat enterprise linux/9.0
- canonical/redhat enterprise linux aus
- version/redhat enterprise linux aus/8.6
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/7.0
- canonical/redhat enterprise linux eus
- version/redhat enterprise linux eus/8.6
- version/redhat enterprise linux eus/8.8
- version/redhat enterprise linux eus/9.0
- version/redhat enterprise linux eus/9.2
- canonical/redhat enterprise linux for arm 64
- version/redhat enterprise linux for arm 64/8.0
- canonical/redhat enterprise linux for arm 64 eus
- version/redhat enterprise linux for arm 64 eus/8.6
- version/redhat enterprise linux for arm 64 eus/8.8
- version/redhat enterprise linux for arm 64 eus/9.0
- version/redhat enterprise linux for arm 64 eus/9.2
- canonical/redhat enterprise linux for ibm z systems
- version/redhat enterprise linux for ibm z systems/7.0
- version/redhat enterprise linux for ibm z systems/8.0
- version/redhat enterprise linux for ibm z systems/9.0
- canonical/redhat enterprise linux for ibm z systems eus
- version/redhat enterprise linux for ibm z systems eus/8.6
- version/redhat enterprise linux for ibm z systems eus/8.8
- version/redhat enterprise linux for ibm z systems eus/9.0
- version/redhat enterprise linux for ibm z systems eus/9.2
- canonical/redhat enterprise linux for power big endian
- version/redhat enterprise linux for power big endian/7.0
- canonical/redhat enterprise linux for power little endian
- version/redhat enterprise linux for power little endian/7.0
- version/redhat enterprise linux for power little endian/8.0
- version/redhat enterprise linux for power little endian/9.0
- canonical/redhat enterprise linux for power little endian eus
- version/redhat enterprise linux for power little endian eus/8.6
- version/redhat enterprise linux for power little endian eus/8.8
- version/redhat enterprise linux for power little endian eus/9.2
- canonical/redhat enterprise linux for scientific computing
- version/redhat enterprise linux for scientific computing/7.0
- canonical/red hat enterprise linux server
- version/red hat enterprise linux server/7.0
- version/red hat enterprise linux server/8.2
- version/red hat enterprise linux server/8.4
- version/red hat enterprise linux server/9.2
- canonical/redhat enterprise linux server for power little endian update services for sap solutions
- version/redhat enterprise linux server for power little endian update services for sap solutions/8.1
- version/redhat enterprise linux server for power little endian update services for sap solutions/8.2
- version/redhat enterprise linux server for power little endian update services for sap solutions/8.4
- version/redhat enterprise linux server for power little endian update services for sap solutions/8.6
- version/redhat enterprise linux server for power little endian update services for sap solutions/8.8
- version/redhat enterprise linux server for power little endian update services for sap solutions/9.0
- version/redhat enterprise linux server for power little endian update services for sap solutions/9.2
- version/red hat enterprise linux server/8.6
- version/red hat enterprise linux server/8.8
- canonical/redhat enterprise linux server update services for sap solutions
- version/redhat enterprise linux server update services for sap solutions/9.2
- canonical/redhat enterprise linux update services for sap solutions
- version/redhat enterprise linux update services for sap solutions/8.1
- version/redhat enterprise linux update services for sap solutions/8.2
- version/redhat enterprise linux update services for sap solutions/8.4
- version/redhat enterprise linux update services for sap solutions/8.6
- version/redhat enterprise linux update services for sap solutions/8.8