cbcvebase.
CVE-2018-13405
published 2018-07-06

CVE-2018-13405: The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a…

high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EXPLOIT
The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID.

Affected

126 ranges· showing 25
VendorProductVersion rangeFixed in
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux
debiandebian_linux
debiandebian_linux
debiandebian_linux
debiandebian_linux
debianlinux< linux 4.17.6-1 (bookworm)linux 4.17.6-1 (bookworm)
debianlinux< linux 5.14.6-1 (bookworm)linux 5.14.6-1 (bookworm)
debianqemu< qemu 1:7.0+dfsg-1 (bookworm)qemu 1:7.0+dfsg-1 (bookworm)
f5big-ip_access_policy_manager
f5big-ip_access_policy_manager
f5big-ip_access_policy_manager>= 13.0.0 < 13.1.3.513.1.3.5
f5big-ip_access_policy_manager>= 14.0.0 < 14.1.3.114.1.3.1
f5big-ip_access_policy_manager>= 15.0.0 < 15.0.1.415.0.1.4
f5big-ip_advanced_firewall_manager
f5big-ip_advanced_firewall_manager
f5big-ip_advanced_firewall_manager>= 13.0.0 < 13.1.3.513.1.3.5
f5big-ip_advanced_firewall_manager>= 14.0.0 < 14.1.3.114.1.3.1
f5big-ip_advanced_firewall_manager>= 15.0.0 < 15.0.1.415.0.1.4
f5big-ip_analytics
f5big-ip_analytics
f5big-ip_analytics>= 13.0.0 < 13.1.3.513.1.3.5
f5big-ip_analytics>= 14.0.0 < 14.1.3.114.1.3.1
f5big-ip_analytics>= 15.0.0 < 15.0.1.415.0.1.4

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv7.8HIGH