CVE-2018-13405

Advisory lineage Upstream: 0 Downstream: 40

Downstream

DEBIAN-CVE-2018-13405 DLA-1466-1 DLA-1529-1 DSA-4266-1 MGASA-2018-0324 MGASA-2018-0340

Modified

Published: 06 Jul 2018, 14:00

Last modified:05 Aug 2024, 09:00

Vulnerability Summary

Overall Risk (default)

medium

41/100

CVSS Score

7.8 HIGH

v3.1 (nvd)

EPSS Score

0.15% LOW

0% probability -0.01%

KEV

Not listed

Ransomware

No reports

Public exploits

1 found

Dark Web

Not detected

Timeline

06 Jul 2018, 14:00

Published

Vulnerability first disclosed

05 Aug 2024, 09:00

Last Modified

Vulnerability information updated

Description

The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID.

CVSS Metrics

v3.1•HIGH•Score: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
v2.0•MEDIUM•Score: 4.6AV:L/AC:L/Au:N/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 0.15%• Percentile: 35%

Techniques & Countermeasures

CWE-269•Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Affected Systems

canonical•ubuntu_linux
14.04 | 16.04 | 18.04
debian•debian_linux
8.0 | 9.0
f5•big-ip_access_policy_manager
≥ 13.0.0, < 13.1.3.5 | ≥ 14.0.0, < 14.1.3.1 | ≥ 15.0.0, < 15.0.1.4 | 15.1.0 | 16.0.0
f5•big-ip_advanced_firewall_manager
≥ 13.0.0, < 13.1.3.5 | ≥ 14.0.0, < 14.1.3.1 | ≥ 15.0.0, < 15.0.1.4 | 15.1.0 | 16.0.0
f5•big-ip_analytics
≥ 13.0.0, < 13.1.3.5 | ≥ 14.0.0, < 14.1.3.1 | ≥ 15.0.0, < 15.0.1.4 | 15.1.0 | 16.0.0
f5•big-ip_application_acceleration_manager
≥ 13.0.0, < 13.1.3.5 | ≥ 14.0.0, < 14.1.3.1 | ≥ 15.0.0, < 15.0.1.4 | 15.1.0 | 16.0.0
f5•big-ip_application_security_manager
≥ 13.0.0, < 13.1.3.5 | ≥ 14.0.0, < 14.1.3.1 | ≥ 15.0.0, < 15.0.1.4 | 15.1.0 | 16.0.0
f5•big-ip_domain_name_system
≥ 13.0.0, < 13.1.3.5 | ≥ 14.0.0, < 14.1.3.1 | ≥ 15.0.0, < 15.0.1.4 | 15.1.0 | 16.0.0
f5•big-ip_edge_gateway
≥ 13.0.0, < 13.1.3.5 | ≥ 14.0.0, < 14.1.3.1 | ≥ 15.0.0, < 15.0.1.4 | 15.1.0 | 16.0.0
f5•big-ip_fraud_protection_service
≥ 13.0.0, < 13.1.3.5 | ≥ 14.0.0, < 14.1.3.1 | ≥ 15.0.0, < 15.0.1.4 | 15.1.0 | 16.0.0
f5•big-ip_global_traffic_manager
≥ 13.0.0, < 13.1.3.5 | ≥ 14.0.0, < 14.1.3.1 | ≥ 15.0.0, < 15.0.1.4 | 15.1.0 | 16.0.0
f5•big-ip_link_controller
≥ 13.0.0, < 13.1.3.5 | ≥ 14.0.0, < 14.1.3.1 | ≥ 15.0.0, < 15.0.1.4 | 15.1.0 | 16.0.0
f5•big-ip_local_traffic_manager
≥ 13.0.0, < 13.1.3.5 | ≥ 14.0.0, < 14.1.3.1 | ≥ 15.0.0, < 15.0.1.4 | 15.1.0 | 16.0.0
f5•big-ip_policy_enforcement_manager
≥ 13.0.0, < 13.1.3.5 | ≥ 14.0.0, < 14.1.3.1 | ≥ 15.0.0, < 15.0.1.4 | 15.1.0 | 16.0.0
f5•big-ip_webaccelerator
≥ 13.0.0, < 13.1.3.5 | ≥ 14.0.0, < 14.1.3.1 | ≥ 15.0.0, < 15.0.1.4 | 15.1.0 | 16.0.0
fedoraproject•fedora
34 | 35
linux•linux_kernel
≤ 3.16
redhat•enterprise_linux_aus
7.4
redhat•enterprise_linux_desktop
6.0 | 7.0
redhat•enterprise_linux_eus
7.4 | 7.5
redhat•enterprise_linux_for_real_time
7
redhat•enterprise_linux_server
6.0 | 7.0
redhat•enterprise_linux_server_aus
6.6 | 7.2 | 7.3
redhat•enterprise_linux_server_tus
7.2 | 7.3 | 7.4
redhat•enterprise_linux_workstation
6.0 | 7.0
redhat•mrg_realtime
2.0
redhat•virtualization
4.0