7.8

CVE-2018-13405

Exploit
The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version <= 3.16
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version16.04 SwEditionesm
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version18.04 SwEditionlts
FedoraprojectFedora Version34
FedoraprojectFedora Version35
RedhatMrg Realtime Version2.0
RedhatVirtualization Version4.0
RedhatEnterprise Linux Aus Version7.4
RedhatEnterprise Linux Eus Version7.4
RedhatEnterprise Linux Eus Version7.5
F5Big-ip Access Policy Manager Version >= 13.0.0 < 13.1.3.5
F5Big-ip Access Policy Manager Version >= 14.0.0 < 14.1.3.1
F5Big-ip Access Policy Manager Version >= 15.0.0 < 15.0.1.4
F5Big-ip Access Policy Manager Version15.1.0
F5Big-ip Access Policy Manager Version16.0.0
F5Big-ip Advanced Firewall Manager Version >= 13.0.0 < 13.1.3.5
F5Big-ip Advanced Firewall Manager Version >= 14.0.0 < 14.1.3.1
F5Big-ip Advanced Firewall Manager Version >= 15.0.0 < 15.0.1.4
F5Big-ip Analytics Version >= 13.0.0 < 13.1.3.5
F5Big-ip Analytics Version >= 14.0.0 < 14.1.3.1
F5Big-ip Analytics Version >= 15.0.0 < 15.0.1.4
F5Big-ip Analytics Version15.1.0
F5Big-ip Analytics Version16.0.0
F5Big-ip Application Acceleration Manager Version >= 13.0.0 < 13.1.3.5
F5Big-ip Application Acceleration Manager Version >= 14.0.0 < 14.1.3.1
F5Big-ip Application Acceleration Manager Version >= 15.0.0 < 15.0.1.4
F5Big-ip Application Security Manager Version >= 13.0.0 < 13.1.3.5
F5Big-ip Application Security Manager Version >= 14.0.0 < 14.1.3.1
F5Big-ip Application Security Manager Version >= 15.0.0 < 15.0.1.4
F5Big-ip Domain Name System Version >= 13.0.0 < 13.1.3.5
F5Big-ip Domain Name System Version >= 14.0.0 < 14.1.3.1
F5Big-ip Domain Name System Version >= 15.0.0 < 15.0.1.4
F5Big-ip Domain Name System Version15.1.0
F5Big-ip Domain Name System Version16.0.0
F5Big-ip Edge Gateway Version >= 13.0.0 < 13.1.3.5
F5Big-ip Edge Gateway Version >= 14.0.0 < 14.1.3.1
F5Big-ip Edge Gateway Version >= 15.0.0 < 15.0.1.4
F5Big-ip Edge Gateway Version15.1.0
F5Big-ip Edge Gateway Version16.0.0
F5Big-ip Fraud Protection Service Version >= 13.0.0 < 13.1.3.5
F5Big-ip Fraud Protection Service Version >= 14.0.0 < 14.1.3.1
F5Big-ip Fraud Protection Service Version >= 15.0.0 < 15.0.1.4
F5Big-ip Global Traffic Manager Version >= 13.0.0 < 13.1.3.5
F5Big-ip Global Traffic Manager Version >= 14.0.0 < 14.1.3.1
F5Big-ip Global Traffic Manager Version >= 15.0.0 < 15.0.1.4
F5Big-ip Global Traffic Manager Version15.1.0
F5Big-ip Global Traffic Manager Version16.0.0
F5Big-ip Link Controller Version >= 13.0.0 < 13.1.3.5
F5Big-ip Link Controller Version >= 14.0.0 < 14.1.3.1
F5Big-ip Link Controller Version >= 15.0.0 < 15.0.1.4
F5Big-ip Link Controller Version15.1.0
F5Big-ip Link Controller Version16.0.0
F5Big-ip Local Traffic Manager Version >= 13.0.0 < 13.1.3.5
F5Big-ip Local Traffic Manager Version >= 14.0.0 < 14.1.3.1
F5Big-ip Local Traffic Manager Version >= 15.0.0 < 15.0.1.4
F5Big-ip Local Traffic Manager Version15.1.0
F5Big-ip Local Traffic Manager Version16.0.0
F5Big-ip Policy Enforcement Manager Version >= 13.0.0 < 13.1.3.5
F5Big-ip Policy Enforcement Manager Version >= 14.0.0 < 14.1.3.1
F5Big-ip Policy Enforcement Manager Version >= 15.0.0 < 15.0.1.4
F5Big-ip Webaccelerator Version >= 13.0.0 < 13.1.3.5
F5Big-ip Webaccelerator Version >= 14.0.0 < 14.1.3.1
F5Big-ip Webaccelerator Version >= 15.0.0 < 15.0.1.4
F5Big-ip Webaccelerator Version15.1.0
F5Big-ip Webaccelerator Version16.0.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.01% 0.589
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://access.redhat.com/errata/RHSA-2018:3083
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3096
Third Party Advisory
https://usn.ubuntu.com/3754-1/
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:4159
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2948
Third Party Advisory
https://usn.ubuntu.com/3753-1/
Third Party Advisory
https://usn.ubuntu.com/3753-2/
Third Party Advisory
https://usn.ubuntu.com/3752-1/
Third Party Advisory
https://usn.ubuntu.com/3752-2/
Third Party Advisory
https://usn.ubuntu.com/3752-3/
Third Party Advisory
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7
Patch
Vendor Advisory
http://openwall.com/lists/oss-security/2018/07/13/2
Patch
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/106503
Broken Link
https://access.redhat.com/errata/RHSA-2019:0717
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2476
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2566
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2696
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2730
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:4164
Third Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=0b3369840cd61c23e2b9241093737b4c395cb406
Patch
Vendor Advisory
Mailing List
https://github.com/torvalds/linux/commit/0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRBNBX73SAFKQWBOX76SLMWPTKJPVGEJ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTKKIAUMR5FAYLZ7HLEPOXMKAAE3BYBQ/
https://support.f5.com/csp/article/K00854051
Third Party Advisory
https://twitter.com/grsecurity/status/1015082951204327425
Third Party Advisory
https://www.debian.org/security/2018/dsa-4266
Third Party Advisory
https://www.exploit-db.com/exploits/45033/
Third Party Advisory
Exploit
VDB Entry