The inode_init_owner function in fs/inode.c in the Linux kernel up to and including 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
linux linux kernel |
||
debian debian linux 8.0 |
||
debian debian linux 9.0 |
||
canonical ubuntu linux 16.04 |
||
canonical ubuntu linux 14.04 |
||
canonical ubuntu linux 18.04 |
||
fedoraproject fedora 34 |
||
fedoraproject fedora 35 |
||
redhat enterprise linux desktop 7.0 |
||
redhat enterprise linux server aus 7.2 |
||
redhat enterprise linux workstation 7.0 |
||
redhat enterprise linux server tus 7.2 |
||
redhat enterprise linux server 7.0 |
||
redhat enterprise linux server aus 6.6 |
||
redhat enterprise linux for real time 7 |
||
redhat enterprise linux desktop 6.0 |
||
redhat enterprise linux server 6.0 |
||
redhat enterprise linux workstation 6.0 |
||
redhat enterprise linux server tus 7.3 |
||
redhat enterprise linux server aus 7.3 |
||
redhat virtualization 4.0 |
||
redhat enterprise linux server tus 7.4 |
||
redhat enterprise linux aus 7.4 |
||
redhat enterprise linux eus 7.4 |
||
redhat enterprise linux eus 7.5 |
||
redhat mrg realtime 2.0 |
||
f5 big-ip application acceleration manager 15.1.0 |
||
f5 big-ip local traffic manager 15.1.0 |
||
f5 big-ip advanced firewall manager 15.1.0 |
||
f5 big-ip policy enforcement manager 15.1.0 |
||
f5 big-ip link controller 15.1.0 |
||
f5 big-ip global traffic manager 15.1.0 |
||
f5 big-ip fraud protection service 15.1.0 |
||
f5 big-ip domain name system 15.1.0 |
||
f5 big-ip application security manager 15.1.0 |
||
f5 big-ip access policy manager 15.1.0 |
||
f5 big-ip analytics 15.1.0 |
||
f5 big-ip advanced firewall manager |
||
f5 big-ip analytics |
||
f5 big-ip application acceleration manager |
||
f5 big-ip application security manager |
||
f5 big-ip domain name system |
||
f5 big-ip fraud protection service |
||
f5 big-ip global traffic manager |
||
f5 big-ip link controller |
||
f5 big-ip local traffic manager |
||
f5 big-ip policy enforcement manager |
||
f5 big-ip access policy manager |
||
f5 big-ip edge gateway |
||
f5 big-ip webaccelerator |
||
f5 big-ip access policy manager 16.0.0 |
||
f5 big-ip advanced firewall manager 16.0.0 |
||
f5 big-ip analytics 16.0.0 |
||
f5 big-ip application acceleration manager 16.0.0 |
||
f5 big-ip application security manager 16.0.0 |
||
f5 big-ip domain name system 16.0.0 |
||
f5 big-ip fraud protection service 16.0.0 |
||
f5 big-ip global traffic manager 16.0.0 |
||
f5 big-ip link controller 16.0.0 |
||
f5 big-ip local traffic manager 16.0.0 |
||
f5 big-ip policy enforcement manager 16.0.0 |
||
f5 big-ip webaccelerator 16.0.0 |
||
f5 big-ip webaccelerator 15.1.0 |
||
f5 big-ip edge gateway 16.0.0 |
||
f5 big-ip edge gateway 15.1.0 |
If you're not already suffering from Black Hat/DEF CON overload They're back! 'Feds only' encryption backdoors prepped in US by Dems
Roundup It's time for another rapid roundup of computer security news beyond what we've already reported. Uncle Sam is demanding Facebook alter its Messenger software so that American g-men can easily snoop on suspected criminals, it is claimed. The social network is said to be fighting off demands by the US government to deliberately hobble the strong encryption in its chat software, and allow voice conversations to be spied on by investigators. Prosecutors are trying to hold Facebook in contem...
Vulmon