CVE-2018-7169
Published: 15 February 2018
An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used "group blacklisting" (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation.
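A defensive audit for the "group blacklisting" pattern described above, as an added example (not part of the advisory or of shadow-utils). It walks a tree and reports entries whose mode bits withhold from the owning group something granted to everyone else, which are the paths whose protection depends on a user being unable to drop that group. Function names and the sample tree are constructed for illustration; POSIX ACL entries are not examined.

```python
import os
import stat
import tempfile

def group_denied_bits(mode):
    """rwx bits granted to 'other' but withheld from the owning group."""
    group = (mode & stat.S_IRWXG) >> 3
    other = mode & stat.S_IRWXO
    return other & ~group

def rwx(bits):
    return "".join(c if bits & b else "-" for c, b in (("r", 4), ("w", 2), ("x", 1)))

def find_group_blacklisted(root):
    """Yield (path, gid, denied) for every non-symlink entry at or under root
    whose mode bits deny the owning group something everyone else gets."""
    def entries():
        yield root
        for dirpath, dirnames, filenames in os.walk(root):
            for name in dirnames + filenames:
                yield os.path.join(dirpath, name)
    for path in entries():
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            continue  # a symlink's own mode is not used for access checks
        denied = group_denied_bits(st.st_mode)
        if denied:
            yield path, st.st_gid, rwx(denied)

def demo():
    """Constructed sample tree; returns sorted (relative path, denied bits)."""
    with tempfile.TemporaryDirectory() as root:
        layout = {"shared.txt": 0o644, "hidden_from_group.txt": 0o604,
                  "group_only.txt": 0o640}
        for name, mode in layout.items():
            path = os.path.join(root, name)
            open(path, "w").close()
            os.chmod(path, mode)
        os.mkdir(os.path.join(root, "no_group_dir"))
        os.chmod(os.path.join(root, "no_group_dir"), 0o707)
        return sorted((os.path.relpath(p, root), d)
                      for p, _gid, d in find_group_blacklisted(root))

if __name__ == "__main__":
    for rel, denied in demo():
        print(f"{rel}: group is denied {denied} that others are granted")
```

Any path this reports on a host with an unpatched newgidmap should be protected by another mechanism until the package is updated.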
Priority
CVSS 3 base score: 5.3
Status
Package | Release | Status |
---|---|---|
shadow (Launchpad, Ubuntu, Debian) | Upstream | Released (4.7-1) |
 | Ubuntu 21.04 (Hirsute Hippo) | Not vulnerable (1:4.8.1-1ubuntu5.20.04) |
 | Ubuntu 20.10 (Groovy Gorilla) | Not vulnerable (1:4.8.1-1ubuntu5.20.04) |
 | Ubuntu 20.04 LTS (Focal Fossa) | Not vulnerable (1:4.8.1-1ubuntu5.20.04) |
 | Ubuntu 18.04 LTS (Bionic Beaver) | Needed |
 | Ubuntu 16.04 LTS (Xenial Xerus) | Needed |
 | Ubuntu 14.04 ESM (Trusty Tahr) | Needed |

Patches: Upstream: https://github.com/shadow-maint/shadow/commit/fb28c99b8a66ff2605c5cb96abc0a4d975f92de0