CVE-2018-7169
Published: 15 February 2018
An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used "group blacklisting" (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation.
Priority
Low
CVSS 3 base score: 5.3
Status
| Package | Release | Status |
|---|---|---|
|
shadow Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.7-1)
|
| Ubuntu 21.04 (Hirsute Hippo) |
Not vulnerable
(1:4.8.1-1ubuntu5.20.04)
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(1:4.8.1-1ubuntu5.20.04)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Needed
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Needed
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Needed
|
|
|
Patches: Upstream: https://github.com/shadow-maint/shadow/commit/fb28c99b8a66ff2605c5cb96abc0a4d975f92de0 |
||