Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2018-7169

Опубликовано: 15 фев. 2018
Источник: ubuntu
Приоритет: low
CVSS2: 5
CVSS3: 5.3

Описание

An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used "group blacklisting" (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation.

РелизСтатусПримечание
artful

ignored

end of life
bionic

released

1:4.5-1ubuntu2.2
cosmic

ignored

end of life
devel

not-affected

1:4.8.1-1ubuntu5.20.04
disco

ignored

end of life
eoan

ignored

end of life
esm-infra-legacy/trusty

released

1:4.1.5.1-1ubuntu9.5+esm1
esm-infra/bionic

released

1:4.5-1ubuntu2.2
esm-infra/focal

not-affected

1:4.8.1-1ubuntu5.20.04
esm-infra/xenial

released

1:4.2-3.1ubuntu5.5+esm1

Показывать по

Ссылки на источники

5 Medium

CVSS2

5.3 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2018-7169

CVSS3: 4.4
redhat
около 8 лет назад

An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used "group blacklisting" (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation.

nvd логотип

CVE-2018-7169

CVSS3: 5.3
nvd
почти 8 лет назад

An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used "group blacklisting" (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation.

debian логотип

CVE-2018-7169

CVSS3: 5.3
debian
почти 8 лет назад

An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is ...

suse-cvrf логотип

openSUSE-SU-2018:0667-1

suse-cvrf
почти 8 лет назад

Security update for shadow

suse-cvrf логотип

SUSE-SU-2018:0662-1

suse-cvrf
почти 8 лет назад

Security update for shadow

5 Medium

CVSS2

5.3 Medium

CVSS3