CVE-2018-7169

{"id": "CVE-2018-7169", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2018-02-15T20:29:00.867", "references": [{"url": "https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://security.gentoo.org/glsa/201805-09", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-732"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used \"group blacklisting\" (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation."}, {"lang": "es", "value": "Se ha descubierto un problema en shadow 4.5. newgidmap (en shadow-utils) es setuid y permite que un usuario no privilegiado se coloque en un espacio de nombres de usuario en el que setgroups(2) est\u00e1 permitido. Esto permite que un atacante se autoelimine de un grupo suplementario, lo que podr\u00eda permitir el acceso a ciertas rutas del sistema de archivos si el administrador ha empleado \"listas negras de grupos\" (por ejemplo, chmod g-rwx) para restringir el acceso a las rutas. Este error revierte de forma efectiva una caracter\u00edstica de seguridad en el kernel (en particular, en el mando /proc/self/setgroups) para evitar este tipo de escalado de privilegios."}], "lastModified": "2019-10-03T00:03:26.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:shadow_project:shadow:4.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1766AADA-8952-44C7-8119-C4E575BACBE5"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}