Описание
The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions.
It was found that when file permissions were modified via chmod and the user modifying them was not in the owning group or capable of CAP_FSETID, the setgid bit would be cleared. Setting a POSIX ACL via setxattr sets the file permissions as well as the new ACL, but doesn't clear the setgid bit in a similar way. This could allow a local user to gain group privileges via certain setgid applications.
Отчет
This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/. This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kernel | Will not fix | ||
| Red Hat Enterprise Linux 6 | kernel | Fixed | RHSA-2017:0817 | 21.03.2017 |
| Red Hat Enterprise Linux 7 | kernel-rt | Fixed | RHSA-2017:2077 | 01.08.2017 |
| Red Hat Enterprise Linux 7 | kernel | Fixed | RHSA-2017:1842 | 01.08.2017 |
| Red Hat Enterprise MRG 2 | kernel-rt | Fixed | RHSA-2017:2669 | 06.09.2017 |
Показывать по
Дополнительная информация
Статус:
EPSS
4.4 Medium
CVSS3
3.3 Low
CVSS2
Связанные уязвимости
The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions.
The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions.
The filesystem implementation in the Linux kernel through 4.8.2 preser ...
The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions.
ELSA-2017-3596: Unbreakable Enterprise kernel security update (IMPORTANT)
EPSS
4.4 Medium
CVSS3
3.3 Low
CVSS2