CVE-2018-7169

Published: 15/02/2018 Updated: 03/10/2019

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9

VMScore: 447

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

An issue exists in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an malicious user to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used "group blacklisting" (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation.

Vulnerable Product	Search on Vulmon	Subscribe to Product
shadow project shadow 4.5

Several security issues were fixed in shadow ...

Debian Bug report logs - #890557 shadow: CVE-2018-7169: unprivileged user can drop supplementary groups Package: src:shadow; Maintainer for src:shadow is Shadow package maintainers <pkg-shadow-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 15 Feb 2018 21:33:01 UTC Sev ...

An issue was discovered in newgidmap, in shadow-utils, that allows an unprivileged user to be placed in a user namespace where setgroups is permitted An attacker could use this flaw to remove himself from a supplementary group, which may allow access to certain filesystem paths, if the administrator has used "group blacklisting" (eg, chmod g-rwx ...

CWE-732 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357 https://security.gentoo.org/glsa/201805-09 https://nvd.nist.gov https://ubuntu.com/security/notices/USN-5254-1 https://access.redhat.com/security/cve/cve-2018-7169

CVE-2018-7169

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect