Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-18955

Опубликовано: 16 нояб. 2018
Источник: nvd
CVSS3: 7
CVSS2: 4.4
EPSS Средний

Описание

In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resources outside the namespace, as demonstrated by reading /etc/shadow. This occurs because an ID transformation takes place properly for the namespaced-to-kernel direction but not for the kernel-to-namespaced direction.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 4.15 (включая) до 4.19.2 (исключая)
Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*

EPSS

Процентиль: 94%
0.1222
Средний

7 High

CVSS3

4.4 Medium

CVSS2

Дефекты

CWE-863

Связанные уязвимости

ubuntu логотип

CVE-2018-18955

CVSS3: 7
ubuntu
около 7 лет назад

In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resources outside the namespace, as demonstrated by reading /etc/shadow. This occurs because an ID transformation takes place properly for the namespaced-to-kernel direction but not for the kernel-to-namespaced direction.

redhat логотип

CVE-2018-18955

CVSS3: 7.8
redhat
около 7 лет назад

In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resources outside the namespace, as demonstrated by reading /etc/shadow. This occurs because an ID transformation takes place properly for the namespaced-to-kernel direction but not for the kernel-to-namespaced direction.

debian логотип

CVE-2018-18955

CVSS3: 7
debian
около 7 лет назад

In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() i ...

github логотип

GHSA-c6xj-3c77-g5rg

CVSS3: 7
github
больше 3 лет назад

In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resources outside the namespace, as demonstrated by reading /etc/shadow. This occurs because an ID transformation takes place properly for the namespaced-to-kernel direction but not for the kernel-to-namespaced direction.

fstec логотип

BDU:2019-00432

CVSS3: 7
fstec
больше 7 лет назад

Уязвимость функции map_write() ("kernel/user_namespace.c") ядра операционной системы Linux, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

EPSS

Процентиль: 94%
0.1222
Средний

7 High

CVSS3

4.4 Medium

CVSS2

Дефекты

CWE-863