Описание
Security update for shadow
This update for shadow fixes the following issues:
- CVE-2018-7169: Fixed an privilege escalation in newgidmap, which allowed an unprivileged user to be placed in a user namespace where setgroups(2) is allowed. (bsc#1081294)
Список пакетов
SUSE Linux Enterprise Desktop 12 SP2
shadow-4.2.1-27.6.1
SUSE Linux Enterprise Desktop 12 SP3
shadow-4.2.1-27.6.1
SUSE Linux Enterprise Server 12 SP2
shadow-4.2.1-27.6.1
SUSE Linux Enterprise Server 12 SP3
shadow-4.2.1-27.6.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
shadow-4.2.1-27.6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
shadow-4.2.1-27.6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
shadow-4.2.1-27.6.1
Ссылки
- Link for SUSE-SU-2018:0662-1
- E-Mail link for SUSE-SU-2018:0662-1
- SUSE Security Ratings
- SUSE Bug 1081294
- SUSE CVE CVE-2018-7169 page
Описание
An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used "group blacklisting" (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:shadow-4.2.1-27.6.1
SUSE Linux Enterprise Desktop 12 SP3:shadow-4.2.1-27.6.1
SUSE Linux Enterprise Server 12 SP2:shadow-4.2.1-27.6.1
SUSE Linux Enterprise Server 12 SP3:shadow-4.2.1-27.6.1
Ссылки
- CVE-2018-7169
- SUSE Bug 1081294