Title: jar_signature: Prevent privilege escalation to root
Class: security
Compatible: incomp
Component: checks
Date: 1702395666
Edition: cre
Level: 3
Version: 2.2.0p18
jar_signature agent plugin (configured by the 'Signatures of certificates in JAR
files' bakery rule)
was vulnerable to privilege escalation to root by the oracle user.
A malicious oracle user could replace the jarsigner binary with another script and put
it in the JAVA_HOME directory. The script would be executed by the root user.
The jarsigner is now executed by the oracle user, preventing the privilege escalation.
This werk is incompatible for users that use the jar_signature plugin. Too avoid risk,
users
should deploy the new version of the plugin or disable it.
This issue was found during internal review.
<h3>Affected Versions</h3>
LI: 2.2.0
LI: 2.1.0
LI: 2.0.0 (EOL) and older
<h3>Mitigations</h3>
If updating is not possible, disable the jar_signature plugin.
<h3>Vulnerability Management</h3>
We have rated the issue with a CVSS score of 8.8 (High) with the following CVSS vector:
<code>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H</code>
We have assigned <code>CVE-2023-6740</code>.
<h3>Changes</h3>
The jarsigner binary is now executed by the oracle user.
Show replies by date