Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-13405

CWE-269 — Improper Privilege Management CWE-284 — Improper Access Control CWE-27320 documents11 sources

Severity

7.8HIGH

EPSS

0.2%

top 62.45%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

F5 Big-ip Access Policy Manager F5 Big-ip Advanced Firewall Manager F5 Big-ip Analytics +25 more

Timeline

PublishedJul 6

Latest updateAug 9

Description

The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that gr…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages21 packages

▶NVDlinux/linux_kernel3.16

▶NVDf5/big-ip_local_traffic_manager13.0.0 — 13.1.3.5+4

▶Debianlinux< 4.17.6-1+3

▶NVDredhat/enterprise_linux_server6.0, 7.0+1

▶NVDredhat/enterprise_linux_desktop6.0, 7.0+1

Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 18.04, Enterprise Linux 7.4, 7.5, 7, 6.6, 7.2, 7.3, Fedora 34, 35

Patches

Patch: git.kernel.org ↗Patch: openwall.com ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

GHSA

GHSA-5p56-pcgw-42mf: The inode_init_owner function in fs/inode↗2022-05-13

▶

CVEList

CVE-2018-13405: The inode_init_owner function in fs/inode↗2018-07-06

▶

OSV

CVE-2018-13405: The inode_init_owner function in fs/inode↗2018-07-06

▶

💥Exploits & PoCs

Exploit-DB

Linux (Ubuntu) - Other Users coredumps Can Be Read via setgid Directory and killpriv Bypass↗2018-07-16

▶

📋Vendor Advisories

Microsoft

A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and↗2022-08-09

▶

Microsoft

A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories sha↗2022-08-09

▶

Red Hat

QEMU: virtiofsd: potential privilege escalation via CVE-2018-13405↗2022-01-25

▶

Red Hat

kernel: security regression for CVE-2018-13405↗2021-09-16

▶

Android

CVE-2018-13405: Filesystem↗2019-01-01

▶

💬Community

Bugzilla

CVE-2018-13405 kernel: Missing check in fs/inode.c:inode_init_owner() does not clear SGID bit on non-directories for non-members [fedora-all]↗2018-07-09

▶

Bugzilla

CVE-2018-13405 kernel: Missing check in fs/inode.c:inode_init_owner() does not clear SGID bit on non-directories for non-members↗2018-07-09

▶

External resources

NVD MITRE

Affected products28

Canonical Ubuntu Linuxv14.04v16.04v18.04

Debian Debian Linuxv8.0v9.0

F5 Big-ip Access Policy Manager≥ 13.0.0, < 13.1.3.5≥ 14.0.0, < 14.1.3.1≥ 15.0.0, < 15.0.1.4+2 more

F5 Big-ip Advanced Firewall Manager≥ 13.0.0, < 13.1.3.5≥ 14.0.0, < 14.1.3.1≥ 15.0.0, < 15.0.1.4+2 more

F5 Big-ip Analytics≥ 13.0.0, < 13.1.3.5≥ 14.0.0, < 14.1.3.1≥ 15.0.0, < 15.0.1.4+2 more

F5 Big-ip Application Acceleration Manager≥ 13.0.0, < 13.1.3.5≥ 14.0.0, < 14.1.3.1≥ 15.0.0, < 15.0.1.4+2 more

F5 Big-ip Application Security Manager≥ 13.0.0, < 13.1.3.5≥ 14.0.0, < 14.1.3.1≥ 15.0.0, < 15.0.1.4+2 more

F5 Big-ip Domain Name System≥ 13.0.0, < 13.1.3.5≥ 14.0.0, < 14.1.3.1≥ 15.0.0, < 15.0.1.4+2 more

F5 Big-ip Edge Gateway≥ 13.0.0, < 13.1.3.5≥ 14.0.0, < 14.1.3.1≥ 15.0.0, < 15.0.1.4+2 more

F5 Big-ip Fraud Protection Service≥ 13.0.0, < 13.1.3.5≥ 14.0.0, < 14.1.3.1≥ 15.0.0, < 15.0.1.4+2 more

Disclosure

PublishedJul 6, 2018

Latest updateAug 9, 2022