Incorrect Default Permissions Affecting rmt-server package, versions <2.10-150100.3.42.1
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-SLES151-RMTSERVER-3188549
- published 4 Jan 2023
- disclosed 3 Jan 2023
Introduced: 3 Jan 2023
CVE-2022-31254 Open this link in a new tabHow to fix?
Upgrade SLES:15.1 rmt-server to version 2.10-150100.3.42.1 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream rmt-server package and not the rmt-server package as distributed by SLES.
See How to fix? for SLES:15.1 relevant fixed versions and status.
A Incorrect Default Permissions vulnerability in rmt-server-regsharing service of SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Manager Server 4.1; openSUSE Leap 15.3, openSUSE Leap 15.4 allows local attackers with access to the _rmt user to escalate to root. This issue affects: SUSE Linux Enterprise Server for SAP 15 rmt-server versions prior to 2.10. SUSE Linux Enterprise Server for SAP 15-SP1 rmt-server versions prior to 2.10. SUSE Manager Server 4.1 rmt-server versions prior to 2.10. openSUSE Leap 15.3 rmt-server versions prior to 2.10. openSUSE Leap 15.4 rmt-server versions prior to 2.10.