Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-13405

Опубликовано: 05 июл. 2018
Источник: redhat
CVSS3: 4.4

Описание

The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID.

A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that allows local users to create files with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions granted in case when they should not.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelWill not fix
Red Hat Enterprise Linux 8kernelNot affected
Red Hat Enterprise MRG 2realtime-kernelWill not fix
Red Hat Enterprise Linux 6kernelFixedRHSA-2019:071709.04.2019
Red Hat Enterprise Linux 6.6 Advanced Update SupportkernelFixedRHSA-2019:247613.08.2019
Red Hat Enterprise Linux 7kernel-rtFixedRHSA-2018:309630.10.2018
Red Hat Enterprise Linux 7kernel-altFixedRHSA-2018:294830.10.2018
Red Hat Enterprise Linux 7kernelFixedRHSA-2018:308330.10.2018
Red Hat Enterprise Linux 7.2 Advanced Update SupportkernelFixedRHSA-2019:416410.12.2019
Red Hat Enterprise Linux 7.2 Telco Extended Update SupportkernelFixedRHSA-2019:416410.12.2019

Показывать по

Дополнительная информация

Статус:

Important
Дефект:
CWE-284
https://bugzilla.redhat.com/show_bug.cgi?id=1599161kernel: Missing check in fs/inode.c:inode_init_owner() does not clear SGID bit on non-directories for non-members

4.4 Medium

CVSS3

Связанные уязвимости

CVSS3: 7.8
ubuntu
около 7 лет назад

The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID.

CVSS3: 7.8
nvd
около 7 лет назад

The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID.

CVSS3: 7.8
debian
около 7 лет назад

The inode_init_owner function in fs/inode.c in the Linux kernel throug ...

CVSS3: 7.8
github
около 3 лет назад

The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID.

oracle-oval
больше 6 лет назад

ELSA-2019-0717: kernel security and bug fix update (IMPORTANT)

4.4 Medium

CVSS3