CVE-2018-13405

Published: 06/07/2018 Updated: 03/10/2019
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 465
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The inode_init_owner function in fs/inode.c in the Linux kernel up to and including 4.17.4 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID.
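A defender-side audit for the scenario in the summary, as an added example that is not part of the original advisory: it lists SGID directories writable by others and, inside SGID directories, plain files that are SGID and group-executable but owned by a user outside the group. The function names are hypothetical; it assumes group membership can be read from the local passwd/group databases and checks only the world-writable case (no ACLs).

```python
import grp
import os
import pwd
import stat

def is_exposed_dir(mode):
    """SGID directory that users outside the owning group can write to."""
    # Assumption: only the world-writable case is checked (no ACL lookup).
    return stat.S_ISDIR(mode) and (mode & stat.S_ISGID) != 0 and (mode & stat.S_IWOTH) != 0

def is_suspect_file(mode, owner_in_group):
    """Plain file that is SGID and group-executable, owned by a non-member."""
    wanted = stat.S_ISGID | stat.S_IXGRP
    return stat.S_ISREG(mode) and (mode & wanted) == wanted and not owner_in_group

def user_in_group(uid, gid):
    """True if uid has gid as primary or supplementary group (local databases)."""
    try:
        user = pwd.getpwuid(uid)
    except KeyError:
        return False  # unknown uid: treat as non-member
    if user.pw_gid == gid:
        return True
    try:
        return user.pw_name in grp.getgrgid(gid).gr_mem
    except KeyError:
        return False

def audit(root):
    """Walk root; return (exposed_dirs, suspect_files) as sorted path lists."""
    exposed, suspect = [], []
    for dirpath, _dirs, files in os.walk(root):
        dst = os.lstat(dirpath)
        if not (stat.S_ISDIR(dst.st_mode) and dst.st_mode & stat.S_ISGID):
            continue  # group inheritance only happens in SGID directories
        if is_exposed_dir(dst.st_mode):
            exposed.append(dirpath)
        for name in files:
            path = os.path.join(dirpath, name)
            fst = os.lstat(path)
            # Relevant files inherited the directory's group; root-owned files
            # are skipped because root may set SGID legitimately.
            if (fst.st_gid == dst.st_gid and fst.st_uid != 0 and
                    is_suspect_file(fst.st_mode, user_in_group(fst.st_uid, fst.st_gid))):
                suspect.append(path)
    return sorted(exposed), sorted(suspect)
```

Calling `audit("/srv")` returns the two lists for that tree; an exposed directory is the precondition the summary describes, and a suspect file is the artifact it would leave behind.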

Affected Products

Vendor | Product | Versions
Canonical | Ubuntu Linux | 14.04, 16.04, 18.04
Debian | Debian Linux | 8.0, 9.0
Linux | Linux Kernel | 4.17.4

Vendor Advisories

Synopsis: Important: kernel security, bug fix, and enhancement update. Type/Severity: Security Advisory: Important. Topic: An update for kernel is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Comm ...
Synopsis: Important: kernel security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) b ...
Synopsis: Important: kernel security update. Type/Severity: Security Advisory: Important. Topic: An update for kernel is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring S ...
Synopsis: Important: kernel security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for kernel is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Services ...
Synopsis: Important: kernel security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for kernel is now available for Red Hat Enterprise Linux 7.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabili ...
Synopsis: Important: kernel-rt security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVS ...
Synopsis: Important: kernel security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for kernel is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support, Red Hat Enterprise Linux 7.3 Telco Extended Update Support, and Red Hat Enterprise Linux 7.3 Update Services ...
A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the Linux kernel that allows local users to create files with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of th ...
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2019-01-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Android partners are notified of all issues at least a month before public ...
Several security issues were fixed in the Linux kernel ...
Synopsis: Important: kernel security, bug fix, and enhancement update. Type/Severity: Security Advisory: Important. Topic: An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring S ...
Synopsis: Important: kernel-rt security, bug fix, and enhancement update. Type/Severity: Security Advisory: Important. Topic: An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Sco ...
Synopsis: Important: kernel-alt security, bug fix, and enhancement update. Type/Severity: Security Advisory: Important. Topic: An update for kernel-alt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability S ...
Oracle Linux Bulletin - April 2019. Description: The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin. Oracle Linux Bulletins are published on the same day as Oracle Critical Patch Updates are release ...
IBM QRadar Network Security is affected by Linux kernel vulnerabilities ...
Oracle Linux Bulletin - October 2018. Description: The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin. Oracle Linux Bulletins are published on the same day as Oracle Critical ...
PowerKVM is affected by vulnerabilities in the Linux Kernel. IBM has now addressed these vulnerabilities ...

Exploits

/* Note: I am both sending this bug report to security@kernel.org and filing it in the Ubuntu bugtracker because I can't tell whether this counts as a kernel bug or as a Ubuntu bug. You may wish to talk to each other to determine the best place to fix this. I noticed halfdog's old writeup at www.halfdog.net/Security/2015/SetgidDirectoryPri ...

Mailing Lists

Debian Security Advisory DSA-4266-1 | security@debian.org | www.debian.org/security/ | Salvatore Bonaccorso | August 06, 2018 | www.debian.org/security/faq ...

Recent Articles

Facebook Messenger backdoor demand, bail in Bitcoin, and lots more
The Register • Shaun Nichols in San Francisco • 18 Aug 2018

If you're not already suffering from Black Hat/DEF CON overload

Roundup It's time for another rapid roundup of computer security news beyond what we've already reported.
Uncle Sam is demanding Facebook alter its Messenger software so that American g-men can easily snoop on suspected criminals, it is claimed.
The social network is said to be fighting off demands by the US government to deliberately hobble the strong end-to-end encryption in its chat software, and allow voice conversations to be spied on by investigators. Prosecutors are trying to ...