CVE-2018-7169

Published: 15 February 2018

An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used "group blacklisting" (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a kernel security feature (in particular, the /proc/self/setgroups knob) that exists to prevent this sort of privilege escalation.
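An audit for the exposure described above, added here as an example (not code from shadow or from this tracker): it lists paths that rely on "group blacklisting", where the group class holds fewer permission bits than other, and reports whether newgidmap is setuid. The /usr/bin/newgidmap location and all function names are assumptions.

```python
import os
import stat
import sys


def group_is_blacklisted(mode):
    """True when 'other' holds a permission bit that the group class lacks,
    i.e. group members are denied something everyone else is allowed."""
    group_bits = (mode >> 3) & 0o7
    other_bits = mode & 0o7
    return (other_bits & ~group_bits) != 0


def find_group_blacklisted(root):
    """Return sorted (path, gid, octal mode) tuples for entries under root
    whose protection depends on a user keeping a supplementary group.
    Only mode bits are inspected; POSIX ACL deny entries are not covered."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        candidates = [dirpath] + [os.path.join(dirpath, f) for f in filenames]
        for path in candidates:
            try:
                st = os.lstat(path)
            except OSError:
                continue  # entry vanished or is unreadable
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink modes carry no access meaning
            if group_is_blacklisted(st.st_mode):
                hits.append((path, st.st_gid, oct(stat.S_IMODE(st.st_mode))))
    return sorted(hits)


def newgidmap_is_setuid(path="/usr/bin/newgidmap"):  # assumed install path
    """True/False for the setuid bit; None when the helper is not installed."""
    try:
        return bool(os.stat(path).st_mode & stat.S_ISUID)
    except FileNotFoundError:
        return None


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    print("newgidmap setuid:", newgidmap_is_setuid())
    for path, gid, mode in find_group_blacklisted(root):
        print(f"{mode} gid={gid} {path}")
```

Paths it reports are the ones whose access restriction stops holding on a release still marked Needed; an allow-list group with other access removed does not depend on a user being unable to drop groups.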

Priority

Low

CVSS 3 base score: 5.3

Status

Package: shadow (Launchpad, Ubuntu, Debian)
Release status:
Upstream: Released (4.7-1)
Ubuntu 21.04 (Hirsute Hippo): Not vulnerable (1:4.8.1-1ubuntu5.20.04)
Ubuntu 20.04 LTS (Focal Fossa): Not vulnerable (1:4.8.1-1ubuntu5.20.04)
Ubuntu 18.04 LTS (Bionic Beaver): Needed
Ubuntu 16.04 ESM (Xenial Xerus): Needed
Ubuntu 14.04 ESM (Trusty Tahr): Needed

Patches:
Upstream: https://github.com/shadow-maint/shadow/commit/fb28c99b8a66ff2605c5cb96abc0a4d975f92de0