[Pkg-shadow-devel] Bug#890557: shadow: CVE-2018-7169: unprivileged user can drop supplementary groups
Bálint Réczey
balint at balintreczey.hu
Mon Jul 15 21:38:49 BST 2019
Control: fixed -1 1:4.7-1
Salvatore Bonaccorso <carnil at debian.org> ezt írta (időpont: 2018.
febr. 15., Cs, 22:33):
>
> Source: shadow
> Version: 1:4.5-1
> Severity: important
> Tags: security upstream
>
> Hi,
>
> the following vulnerability was published for shadow.
>
> CVE-2018-7169[0]:
> | An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is
> | setuid and allows an unprivileged user to be placed in a user namespace
> | where setgroups(2) is permitted. This allows an attacker to remove
> | themselves from a supplementary group, which may allow access to
> | certain filesystem paths if the administrator has used "group
> | blacklisting" (e.g., chmod g-rwx) to restrict access to paths. This
> | flaw effectively reverts a security feature in the kernel (in
> | particular, the /proc/self/setgroups knob) to prevent this sort of
> | privilege escalation.
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2018-7169
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7169
> [1] https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357
>
>
> Please adjust the affected versions in the BTS as needed.
>
> Regards,
> Salvatore
>
More information about the Pkg-shadow-devel
mailing list