BlueChi Privilege Escalation Vulnerability via Unrestricted Cross-Node Systemd Dependencies

Vulnerability

A privilege escalation vulnerability exists in BlueChi, a multi-node systemd service controller used in RHIVOS. This vulnerability allows users with root privileges on a managed node to create or modify systemd service unit files that impact the host node. The flaw arises from improper enforcement of systemd service dependencies across nodes, potentially leading to unauthorized service execution and system compromise.

Impact

Exploitation of this vulnerability could result in privilege escalation: a user gains elevated rights and can potentially execute malicious actions or commands with those privileges.

Reproduction

The vulnerability can be reproduced by a user with root privileges on a managed node. By creating or overriding systemd service unit files through the BlueChi controller, the user can introduce dependencies that exploit the lack of restrictions on cross-node service management. This can be automated with a script or a tool that interfaces with the BlueChi service controller, targeting the specific nodes and services involved in the exploitation.

Remediation

Users can update to the latest version of BlueChi, which includes a configuration option to specify allowed proxy services on a per-node basis, restricting unauthorized cross-node dependencies.
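
An audit in the spirit of the per-node allowlist described above, as an added example that is not BlueChi's own code: it scans unit files and drop-ins for cross-node dependencies and reports any that a policy does not permit. It assumes BlueChi's proxy unit naming `bluechi-proxy@<node>_<service>.service`, split at the first underscore; the `ALLOWED` policy structure, the function names and the sample units are constructed for illustration and are not the configuration option the fix introduces.

```python
import re

# Assumption: cross-node dependencies are expressed through proxy units named
# bluechi-proxy@<node>_<service>.service (node name ends at the first "_").
PROXY_RE = re.compile(r"bluechi-proxy@([^_@\s]+)_(\S+\.service)")
# Requirement-type settings that pull another unit in (ordering-only keys excluded).
DEP_KEYS = {"Wants", "Requires", "Requisite", "BindsTo", "Upholds"}

# Constructed sample input: a unit file and a drop-in override for it.
SAMPLE_UNITS = {
    "producer.service": "[Unit]\nWants=bluechi-proxy@worker2_consumer.service\n"
                        "After=bluechi-proxy@worker2_consumer.service\n"
                        "[Service]\nExecStart=/usr/bin/true\n",
    "producer.service.d/override.conf":
        "[Unit]\nRequires=bluechi-proxy@main_maintenance.service local.service\n",
}
# Hypothetical policy: target node -> services that may be requested via proxy.
ALLOWED = {"worker2": {"consumer.service"}}

def cross_node_deps(unit_text):
    """Return the set of (node, service) pairs a unit pulls in via proxy units."""
    found, section = set(), None
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        key, sep, value = line.partition("=")
        if section != "Unit" or not sep or key.strip() not in DEP_KEYS:
            continue
        for name in value.split():           # settings take space-separated lists
            m = PROXY_RE.fullmatch(name)
            if m:
                found.add((m.group(1), m.group(2)))
    return found

def audit(units, allowed):
    """Return (unit, node, service) for each dependency the policy does not permit."""
    # Dependencies in drop-ins add to the main unit and cannot be reset there,
    # so every file is checked on its own.
    return [(unit, node, svc)
            for unit, text in sorted(units.items())
            for node, svc in sorted(cross_node_deps(text))
            if svc not in allowed.get(node, set())]

if __name__ == "__main__":
    for unit, node, svc in audit(SAMPLE_UNITS, ALLOWED):
        print(f"{unit}: cross-node dependency on {svc} (node {node}) not allowed")
```
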

Added: Dec 24, 2025, 5:50 PM
Updated: Dec 24, 2025, 5:50 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 3.8
remediation: 0.0
relevance: 1.6
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.