An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and
allows an unprivileged user to be placed in a user namespace where setgroups(2)
is permitted. This allows an attacker to remove themselves from a supplementary
group, which may allow access to certain filesystem paths if the administrator
has used "group blacklisting" (e.g., chmod g-rwx) to restrict access to paths.
This flaw effectively reverts a security feature in the kernel (in particular,
the /proc/self/setgroups knob) to prevent this sort of privilege escalation.
CVE-2018-7169
An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and setgroups knob) to prevent this sort of privilege escalation.
allows an unprivileged user to be placed in a user namespace where setgroups(2)
is permitted. This allows an attacker to remove themselves from a supplementary
group, which may allow access to certain filesystem paths if the administrator
has used "group blacklisting" (e.g., chmod g-rwx) to restrict access to paths.
This flaw effectively reverts a security feature in the kernel (in particular,
the /proc/self/
References: web.nvd. nist.gov/ view/vuln/ detail? vulnId= CVE-2018- 7169 www.cvedetails. com/cve/ CVE-2018- 7169/ /bugs.launchpad .net/ubuntu/ +source/ shadow/ +bug/1729357
http://
http://
https:/