Launchpad has imported 5 comments from the remote bug at https://bugzilla.opensuse.org/show_bug.cgi?id=1081294.
If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking.

------------------------------------------------------------------------
On 2018-02-16T08:33:35+00:00 Kbabioch-b wrote:

CVE-2018-7169

An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used "group blacklisting" (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-7169
http://www.cvedetails.com/cve/CVE-2018-7169/
https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357

Reply at:
https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357/comments/26

------------------------------------------------------------------------
On 2018-02-16T08:38:46+00:00 Kbabioch-b wrote:

SUSE:SLE-12:Update is not affected, since newgidmap was only introduced with 4.2.1. We still ship 4.1.5.1.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357/comments/27

------------------------------------------------------------------------
On 2018-02-16T08:49:09+00:00 Kbabioch-b wrote:

Fixed for Factory: sr#577189

Reply at:
https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357/comments/28

------------------------------------------------------------------------
On 2018-02-16T10:34:16+00:00 Mvetter wrote:

Thanks for adding the patch.
SR accepted. Forwarded to Factory as SR#577204.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357/comments/29

------------------------------------------------------------------------
On 2018-02-16T15:03:45+00:00 Kbabioch-b wrote:

Didn't realize that we backported this feature to our SLE12 codestream.
Applied the patch there, too: sr#155145

Reply at:
https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357/comments/30

** Changed in: shadow (openSUSE)
       Status: Unknown => Confirmed

** Changed in: shadow (openSUSE)
   Importance: Unknown => Medium

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1729357

Title:
  unprivileged user can drop supplementary groups

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357/+subscriptions

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
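
Added example, not part of the bug report or of shadow's own code: an audit helper that finds paths relying on the "group blacklisting" pattern named in the CVE text, that is, entries whose group class is denied a permission that "other" still holds, so administrators can see what depends on supplementary groups not being droppable. The function names and the sample files are constructed for illustration.

```python
import os
import stat
import tempfile


def relies_on_group_blacklist(mode):
    """True if 'other' holds a permission bit that 'group' lacks."""
    group_bits = (mode & stat.S_IRWXG) >> 3
    other_bits = mode & stat.S_IRWXO
    return bool(other_bits & ~group_bits)


def find_group_blacklisted(root):
    """Return sorted (path, octal mode, gid) for entries under root
    whose group is denied access that everyone else is granted."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink modes are not used for access checks
            if relies_on_group_blacklist(st.st_mode):
                hits.append((path, oct(stat.S_IMODE(st.st_mode)), st.st_gid))
    return sorted(hits)


def demo():
    """Build a constructed sample tree and report the flagged entries."""
    with tempfile.TemporaryDirectory() as root:
        # Constructed samples: only 0o604 denies group what other keeps.
        samples = {"blocked.txt": 0o604, "normal.txt": 0o644, "private.txt": 0o600}
        for name, mode in samples.items():
            path = os.path.join(root, name)
            open(path, "w").close()
            os.chmod(path, mode)
        blocked_dir = os.path.join(root, "blocked_dir")
        os.mkdir(blocked_dir)
        os.chmod(blocked_dir, 0o705)  # directory variant of chmod g-rwx
        found = find_group_blacklisted(root)
        return [(os.path.relpath(p, root), m) for p, m, _ in found]


if __name__ == "__main__":
    for entry in demo():
        print(entry)
```

Run `find_group_blacklisted()` on the directories that matter on a host; each hit is a path whose restriction only holds while members of the reported gid cannot shed that group.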