Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-1113

Опубликовано: 24 апр. 2018
Источник: redhat
CVSS3: 4.8
EPSS Низкий

Описание

setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user's shell being listed in /etc/shells. Under some circumstances, users which had their shell changed to /sbin/nologin could still access the system.

Setup in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user's shell being listed in /etc/shells. Under some circumstances, users which had their shell changed to /sbin/nologin could still access the system.

Отчет

Preventing a user from accessing the system without deleting their account is not a simple matter. For utmost security, the account should be deleted. Short of this, we recommend a three-pronged approach:

  • change the user's login shell to a harmless command that is not in "/etc/shells" (for example "/bin/false") to prevent commands being run on their behalf
  • lock the user's password with "usermod -L" to prevent authentication with pam services
  • prevent access to the user's home directory with "chmod 0" or "chown root" and "chmod 700" to prevent authentication with ssh keys etc

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5setupWill not fix
Red Hat Enterprise Linux 6setupFix deferred
Red Hat Enterprise Linux 8setupNot affected
Red Hat Enterprise Linux 7setupFixedRHSA-2018:324930.10.2018

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-285
https://bugzilla.redhat.com/show_bug.cgi?id=1571094setup: nologin listed in /etc/shells violates security expectations

EPSS

Процентиль: 13%
0.00044
Низкий

4.8 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2018-1113

CVSS3: 4.8
nvd
больше 7 лет назад

setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user's shell being listed in /etc/shells. Under some circumstances, users which had their shell changed to /sbin/nologin could still access the system.

github логотип

GHSA-pj9f-pvw9-ffjc

CVSS3: 5.3
github
больше 3 лет назад

setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user's shell being listed in /etc/shells. Under some circumstances, users which had their shell changed to /sbin/nologin could still access the system.

oracle-oval логотип

ELSA-2018-3249

oracle-oval
около 7 лет назад

ELSA-2018-3249: setup security and bug fix update (LOW)

fstec логотип

BDU:2021-04535

CVSS3: 4.8
fstec
больше 7 лет назад

Уязвимость модуля pam_shells пакета файлов конфигурации и настройки системы Setup операционных систем Red Hat Enterprise Linux и Fedora, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

EPSS

Процентиль: 13%
0.00044
Низкий

4.8 Medium

CVSS3