Upstream information

CVE-2022-3560 at MITRE

Description

A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign' group. However, the script doesn't check for symbolic links. This could allow an attacker to gain access to privileged files and directories via a path traversal attack.
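The description above says the unit's helper script grants ACLs on /etc/pki/pesign and /run/pesign without checking for symbolic links. The following is an added example, not SUSE's or pesign's own script, of how such a script can refuse to act on a path that is, or sits below, a symlink; the function names and the ACL entry `g:pesign:rwx` are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not SUSE's or pesign's own unit script): a symlink-aware
# guard for a service script that grants ACLs on fixed directories such as
# /etc/pki/pesign and /run/pesign. The vulnerable pattern is running
# "setfacl -R ... $dir" without checking whether $dir, or any component on
# the way to it, is a symbolic link redirecting the grant elsewhere.

# Return 0 if $1 is an absolute path whose every component is a real
# directory (no symlink anywhere in the chain); return 1 otherwise.
no_symlink_in_path() {
    path=$1
    case $path in
        /*) ;;
        *) return 1 ;;            # relative paths are refused outright
    esac
    rest=${path#/}
    cur=""
    while [ -n "$rest" ]; do      # walk /run, /run/pesign, ... one step at a time
        comp=${rest%%/*}
        case $rest in
            */*) rest=${rest#*/} ;;
            *)   rest="" ;;
        esac
        [ -z "$comp" ] && continue            # skip empty parts from "//"
        cur="$cur/$comp"
        if [ -L "$cur" ]; then
            return 1                          # symlink in the chain: untrusted
        fi
    done
    [ -d "$path" ] || return 1
    return 0
}

# Grant the 'pesign' group access only after the guard passes. -P makes
# setfacl do a physical walk, so symlinks met during the recursion are not
# followed either. The check-then-act sequence is still a race if the parent
# directory is writable by untrusted users; the guard narrows the window,
# it does not replace root-owned, non-writable parent directories.
grant_pesign_acl() {
    dir=$1
    if ! no_symlink_in_path "$dir"; then
        echo "refusing to set ACL on $dir: not a plain directory path" >&2
        return 1
    fi
    setfacl -P -R -m g:pesign:rwx "$dir"
}
```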

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v3 Scores

                        National Vulnerability Database               SUSE
Base Score              5.5                                           7.8
Vector                  CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N   CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector           Local                                         Local
Attack Complexity       Low                                           Low
Privileges Required     Low                                           Low
User Interaction        None                                          None
Scope                   Unchanged                                     Unchanged
Confidentiality Impact  High                                          High
Integrity Impact        None                                          High
Availability Impact     None                                          High
CVSSv3 Version          3.1                                           3.1
SUSE Bugzilla entry: 1202933 [IN_PROGRESS]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
Container bci/bci-sle15-kernel-module-devel:15.5.3.2
  • pesign >= 0.112-150000.4.15.1
SUSE CaaS Platform 4.0
  • pesign >= 0.112-150000.4.15.1
Patchnames:
SUSE-SUSE-CAASP-4.0-2023-484
SUSE Enterprise Storage 7.1
  • pesign >= 0.112-150000.4.15.1
Patchnames:
SUSE-Storage-7.1-2023-484
SUSE Enterprise Storage 7
  • pesign >= 0.112-150000.4.15.1
Patchnames:
SUSE-Storage-7-2023-484
SUSE Liberty Linux 7
  • pesign >= 0.109-11.el7_9
Patchnames:
RHSA-2023:1093
SUSE Liberty Linux 8
  • pesign >= 0.112-27.el8_7
Patchnames:
RHSA-2023:1572
SUSE Liberty Linux 9
  • pesign >= 115-6.el9_1
Patchnames:
RHSA-2023:1067
SUSE Linux Enterprise Desktop 15 SP4
SUSE Linux Enterprise High Performance Computing 15 SP4
SUSE Linux Enterprise Module for Basesystem 15 SP4
SUSE Linux Enterprise Server 15 SP4
SUSE Linux Enterprise Server for SAP Applications 15 SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
  • pesign >= 0.112-150000.4.15.1
Patchnames:
SUSE-SLE-Module-Basesystem-15-SP4-2023-484
SUSE Linux Enterprise Desktop 15 SP5
SUSE Linux Enterprise High Performance Computing 15 SP5
SUSE Linux Enterprise Module for Basesystem 15 SP5
SUSE Linux Enterprise Server 15 SP5
SUSE Linux Enterprise Server for SAP Applications 15 SP5
  • pesign >= 0.112-150000.4.15.1
Patchnames:
SUSE Linux Enterprise Module for Basesystem 15 SP5 GA pesign-0.112-150000.4.15.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
  • pesign >= 0.112-150000.4.15.1
Patchnames:
SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-484
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
  • pesign >= 0.112-150000.4.15.1
Patchnames:
SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-484
SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS
  • pesign >= 0.112-150000.4.15.1
Patchnames:
SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-484
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
  • pesign >= 0.112-150000.4.15.1
Patchnames:
SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-484
SUSE Linux Enterprise Real Time 15 SP3
  • pesign >= 0.112-150000.4.15.1
Patchnames:
SUSE-SLE-Product-RT-15-SP3-2023-484
SUSE Linux Enterprise Server 15 SP1-LTSS
  • pesign >= 0.112-150000.4.15.1
Patchnames:
SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-484
SUSE Linux Enterprise Server 15 SP2-LTSS
  • pesign >= 0.112-150000.4.15.1
Patchnames:
SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-484
SUSE Linux Enterprise Server 15 SP3-LTSS
  • pesign >= 0.112-150000.4.15.1
Patchnames:
SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-484
SUSE Linux Enterprise Server for SAP Applications 15 SP1
  • pesign >= 0.112-150000.4.15.1
Patchnames:
SUSE-SLE-Product-SLES_SAP-15-SP1-2023-484
SUSE Linux Enterprise Server for SAP Applications 15 SP2
  • pesign >= 0.112-150000.4.15.1
Patchnames:
SUSE-SLE-Product-SLES_SAP-15-SP2-2023-484
SUSE Linux Enterprise Server for SAP Applications 15 SP3
  • pesign >= 0.112-150000.4.15.1
Patchnames:
SUSE-SLE-Product-SLES_SAP-15-SP3-2023-484
SUSE Manager Proxy 4.2
  • pesign >= 0.112-150000.4.15.1
Patchnames:
SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-484
SUSE Manager Retail Branch Server 4.2
  • pesign >= 0.112-150000.4.15.1
Patchnames:
SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-484
SUSE Manager Server 4.2
  • pesign >= 0.112-150000.4.15.1
Patchnames:
SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-484
openSUSE Leap 15.4
  • pesign >= 0.112-150000.4.15.1
Patchnames:
openSUSE-SLE-15.4-2023-484
openSUSE Tumbleweed
  • pesign >= 113-11.1
Patchnames:
openSUSE Tumbleweed GA pesign-113-11.1


Status of this issue by product and package

Please note that this evaluation state might be work in progress, incomplete or outdated. Also, information for service packs in the LTSS phase is only included for issues meeting the LTSS criteria. If in doubt, feel free to contact us for clarification. The updates are grouped by the state of their lifecycle. SUSE product lifecycles are documented on the lifecycle page.

Product(s) Source package State
Products under general support and receiving all security fixes.
SUSE Enterprise Storage 7.1 pesign Released
SUSE Linux Enterprise Desktop 15 SP5 pesign Released
SUSE Linux Enterprise High Performance Computing 12 SP5 pesign Not affected
SUSE Linux Enterprise High Performance Computing 15 SP5 pesign Released
SUSE Linux Enterprise Module for Basesystem 15 SP5 pesign Released
SUSE Linux Enterprise Real Time 15 SP3 pesign Released
SUSE Linux Enterprise Server 12 SP5 pesign Not affected
SUSE Linux Enterprise Server 12-LTSS pesign Not affected
SUSE Linux Enterprise Server 15 SP5 pesign Released
SUSE Linux Enterprise Server for SAP Applications 12 SP5 pesign Not affected
SUSE Linux Enterprise Server for SAP Applications 15 SP4 pesign Released
SUSE Linux Enterprise Server for SAP Applications 15 SP5 pesign Released
SUSE Manager Proxy 4.3 pesign Released
SUSE Manager Retail Branch Server 4.3 pesign Released
SUSE Manager Server 4.3 pesign Released
Products under Long Term Service Pack support and receiving important and critical security fixes.
SUSE Linux Enterprise Desktop 15 SP4 pesign Released
SUSE Linux Enterprise High Performance Computing 15 pesign Affected
SUSE Linux Enterprise High Performance Computing 15 SP1 pesign Affected
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS pesign Unsupported
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS pesign Released
SUSE Linux Enterprise High Performance Computing 15 SP2 pesign Affected
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS pesign Unsupported
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS pesign Released
SUSE Linux Enterprise High Performance Computing 15 SP3 pesign Unsupported
SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS pesign Released
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS pesign Released
SUSE Linux Enterprise High Performance Computing 15 SP4 pesign Released
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS pesign Affected
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS pesign Affected
SUSE Linux Enterprise High Performance Computing 15-ESPOS pesign Affected
SUSE Linux Enterprise High Performance Computing 15-LTSS pesign Unsupported
SUSE Linux Enterprise Module for Basesystem 15 SP2 pesign Affected
SUSE Linux Enterprise Module for Basesystem 15 SP3 pesign Unsupported
SUSE Linux Enterprise Module for Basesystem 15 SP4 pesign Released
SUSE Linux Enterprise Server 12 SP2-BCL pesign Not affected
SUSE Linux Enterprise Server 15 SP2 pesign Affected
SUSE Linux Enterprise Server 15 SP2-LTSS pesign Released
SUSE Linux Enterprise Server 15 SP3 pesign Unsupported
SUSE Linux Enterprise Server 15 SP3-LTSS pesign Released
SUSE Linux Enterprise Server 15 SP4 pesign Released
SUSE Linux Enterprise Server 15 SP4-LTSS pesign Affected
SUSE Linux Enterprise Server 15-ESPOS pesign Unsupported
SUSE Linux Enterprise Server Business Critical Linux 15 SP1 pesign Unsupported
SUSE Linux Enterprise Server Business Critical Linux 15 SP2 pesign Unsupported
SUSE Linux Enterprise Server for SAP Applications 15 pesign Unsupported
SUSE Linux Enterprise Server for SAP Applications 15 SP1 pesign Released
SUSE Linux Enterprise Server for SAP Applications 15 SP2 pesign Released
SUSE Linux Enterprise Server for SAP Applications 15 SP3 pesign Released
Products past their end of life and not receiving proactive updates anymore.
HPE Helion OpenStack 8 pesign Not affected
SUSE CaaS Platform 4.0 pesign Released
SUSE Enterprise Storage 6 pesign Unsupported
SUSE Enterprise Storage 7 pesign Released
SUSE Linux Enterprise Desktop 12 pesign Not affected
SUSE Linux Enterprise Desktop 12 SP1 pesign Not affected
SUSE Linux Enterprise Desktop 12 SP2 pesign Not affected
SUSE Linux Enterprise Desktop 12 SP3 pesign Not affected
SUSE Linux Enterprise Desktop 12 SP4 pesign Not affected
SUSE Linux Enterprise Desktop 15 pesign Affected
SUSE Linux Enterprise Desktop 15 SP1 pesign Affected
SUSE Linux Enterprise Desktop 15 SP2 pesign Affected
SUSE Linux Enterprise Desktop 15 SP3 pesign Unsupported
SUSE Linux Enterprise Module for Development Tools 15 pesign Affected
SUSE Linux Enterprise Module for Development Tools 15 SP1 pesign Affected
SUSE Linux Enterprise Real Time 15 SP2 pesign Affected
SUSE Linux Enterprise Real Time 15 SP4 pesign Affected
SUSE Linux Enterprise Server 11 SP3 pesign Not affected
SUSE Linux Enterprise Server 11 SP3-LTSS pesign Not affected
SUSE Linux Enterprise Server 11 SP4 pesign Not affected
SUSE Linux Enterprise Server 11 SP4-LTSS pesign Not affected
SUSE Linux Enterprise Server 12 pesign Not affected
SUSE Linux Enterprise Server 12 SP1 pesign Not affected
SUSE Linux Enterprise Server 12 SP1-LTSS pesign Not affected
SUSE Linux Enterprise Server 12 SP2 pesign Not affected
SUSE Linux Enterprise Server 12 SP2-ESPOS pesign Not affected
SUSE Linux Enterprise Server 12 SP2-LTSS pesign Not affected
SUSE Linux Enterprise Server 12 SP3 pesign Not affected
SUSE Linux Enterprise Server 12 SP3-BCL pesign Unsupported
SUSE Linux Enterprise Server 12 SP3-ESPOS pesign Not affected
SUSE Linux Enterprise Server 12 SP3-LTSS pesign Not affected
SUSE Linux Enterprise Server 12 SP4 pesign Not affected
SUSE Linux Enterprise Server 12 SP4-ESPOS pesign Not affected
SUSE Linux Enterprise Server 12 SP4-LTSS pesign Not affected
SUSE Linux Enterprise Server 15 pesign Affected
SUSE Linux Enterprise Server 15 SP1 pesign Affected
SUSE Linux Enterprise Server 15 SP1-BCL pesign Affected
SUSE Linux Enterprise Server 15 SP1-LTSS pesign Released
SUSE Linux Enterprise Server 15 SP2-BCL pesign Affected
SUSE Linux Enterprise Server 15 SP3-BCL pesign Affected
SUSE Linux Enterprise Server 15-LTSS pesign Unsupported
SUSE Linux Enterprise Server for SAP Applications 12 SP1 pesign Not affected
SUSE Linux Enterprise Server for SAP Applications 12 SP2 pesign Not affected
SUSE Linux Enterprise Server for SAP Applications 12 SP3 pesign Not affected
SUSE Linux Enterprise Server for SAP Applications 12 SP4 pesign Not affected
SUSE Manager Proxy 4.0 pesign Affected
SUSE Manager Proxy 4.1 pesign Unsupported
SUSE Manager Proxy 4.2 pesign Released
SUSE Manager Retail Branch Server 4.0 pesign Affected
SUSE Manager Retail Branch Server 4.1 pesign Unsupported
SUSE Manager Retail Branch Server 4.2 pesign Released
SUSE Manager Server 4.0 pesign Affected
SUSE Manager Server 4.1 pesign Unsupported
SUSE Manager Server 4.2 pesign Released
SUSE OpenStack Cloud 7 pesign Not affected
SUSE OpenStack Cloud 8 pesign Not affected
SUSE OpenStack Cloud 9 pesign Not affected
SUSE OpenStack Cloud Crowbar 8 pesign Not affected
SUSE OpenStack Cloud Crowbar 9 pesign Not affected
openSUSE Leap 15.4 pesign Released
Container Status
bci/bci-sle15-kernel-module-devel pesign Released


SUSE Timeline for this CVE

CVE page created: Tue Oct 18 11:03:51 2022
CVE page last modified: Thu Feb 22 17:19:36 2024