[Pkg-shadow-devel] Bug#890557: shadow: CVE-2018-7169: unprivileged user can drop supplementary groups

Salvatore Bonaccorso carnil at debian.org
Thu Feb 15 21:30:09 UTC 2018


Source: shadow
Version: 1:4.5-1
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for shadow.

CVE-2018-7169[0]:
| An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is
| setuid and allows an unprivileged user to be placed in a user namespace
| where setgroups(2) is permitted. This allows an attacker to remove
| themselves from a supplementary group, which may allow access to
| certain filesystem paths if the administrator has used "group
| blacklisting" (e.g., chmod g-rwx) to restrict access to paths. This
| flaw effectively reverts a security feature in the kernel (in
| particular, the /proc/self/setgroups knob) to prevent this sort of
| privilege escalation.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-7169
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7169
[1] https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357


Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



More information about the Pkg-shadow-devel mailing list