Vulnerability CVE-2018-7169: Information

Description

An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used "group blacklisting" (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation.

Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2018-7169

Published: Feb. 15, 2018

Modified: Oct. 3, 2019

Error type identifier: CWE-732

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
shadow	sisyphus	4.5-alt5	4.15.1-alt2	ALT-PU-2019-2549-1	236682	Fixed
shadow	sisyphus_e2k	4.13-alt5	4.15.1-alt1	ALT-PU-2023-3582-1	-	Fixed
shadow	sisyphus_riscv64	4.13-alt3	4.15.1-alt2	ALT-PU-2023-3318-1	-	Fixed
shadow	p10	4.5-alt5	4.5-alt11	ALT-PU-2019-2549-1	236682	Fixed
shadow	p9	4.5-alt5	4.5-alt8	ALT-PU-2019-2619-1	236683	Fixed
shadow	c10f1	4.5-alt5	4.5-alt9	ALT-PU-2019-2549-1	236682	Fixed
shadow	c9f2	4.5-alt5	4.5-alt5	ALT-PU-2019-2619-1	236683	Fixed
shadow	p11	4.5-alt5	4.15.1-alt1	ALT-PU-2019-2549-1	236682	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357	Exploit Issue Tracking Third Party Advisory
GLSA-201805-09	Third Party Advisory

Affected configurations:
1. Configuration 1
  cpe:2.3:a:shadow_project:shadow:4.5:*:*:*:*:*:*:*

Version: v24.5.3

Vulnerability CVE-2018-7169: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1