CVE-2018-13405
First published: Thu Jul 05 2018(Updated: )
A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that allows local users to create files with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions granted in case when they should not.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel | <0:2.6.32-754.12.1.el6 | 0:2.6.32-754.12.1.el6 |
| redhat/kernel | <0:2.6.32-504.80.2.el6 | 0:2.6.32-504.80.2.el6 |
| redhat/kernel-rt | <0:3.10.0-957.rt56.910.el7 | 0:3.10.0-957.rt56.910.el7 |
| redhat/kernel-alt | <0:4.14.0-115.el7a | 0:4.14.0-115.el7a |
| redhat/kernel | <0:3.10.0-957.el7 | 0:3.10.0-957.el7 |
| redhat/kernel | <0:3.10.0-327.83.1.el7 | 0:3.10.0-327.83.1.el7 |
| redhat/kernel | <0:3.10.0-514.71.1.el7 | 0:3.10.0-514.71.1.el7 |
| redhat/kernel | <0:3.10.0-693.58.1.el7 | 0:3.10.0-693.58.1.el7 |
| redhat/kernel | <0:3.10.0-862.41.1.el7 | 0:3.10.0-862.41.1.el7 |
| redhat/kernel-rt | <1:3.10.0-693.58.1.rt56.652.el6 | 1:3.10.0-693.58.1.rt56.652.el6 |
| Android | ||
| Linux Kernel | <=3.16 | |
| Debian Linux | =8.0 | |
| Debian Linux | =9.0 | |
| Ubuntu | =14.04 | |
| Ubuntu | =16.04 | |
| Ubuntu | =16.04 | |
| Ubuntu | =18.04 | |
| Red Hat Fedora | =34 | |
| Red Hat Fedora | =35 | |
| Red Hat MRG Realtime | =2.0 | |
| Red Hat Enterprise Virtualization | =4.0 | |
| Red Hat Enterprise Linux | =7.4 | |
| Red Hat Enterprise Linux Desktop | =6.0 | |
| Red Hat Enterprise Linux Desktop | =7.0 | |
| Red Hat Enterprise Linux Server EUS | =7.4 | |
| Red Hat Enterprise Linux Server EUS | =7.5 | |
| Red Hat Enterprise Linux for Real Time | =7 | |
| Red Hat Enterprise Linux Server | =6.0 | |
| Red Hat Enterprise Linux Server | =7.0 | |
| Red Hat Enterprise Linux Server | =6.6 | |
| Red Hat Enterprise Linux Server | =7.2 | |
| Red Hat Enterprise Linux Server | =7.3 | |
| Red Hat Enterprise Linux Server | =7.2 | |
| Red Hat Enterprise Linux Server | =7.3 | |
| Red Hat Enterprise Linux Server | =7.4 | |
| Red Hat Enterprise Linux Workstation | =6.0 | |
| Red Hat Enterprise Linux Workstation | =7.0 | |
| F5 Access Policy Manager | >=13.0.0<13.1.3.5 | |
| F5 Access Policy Manager | >=14.0.0<14.1.3.1 | |
| F5 Access Policy Manager | >=15.0.0<15.0.1.4 | |
| F5 Access Policy Manager | =15.1.0 | |
| F5 Access Policy Manager | =16.0.0 | |
| F5 BIG-IP Advanced Firewall Manager | >=13.0.0<13.1.3.5 | |
| F5 BIG-IP Advanced Firewall Manager | >=14.0.0<14.1.3.1 | |
| F5 BIG-IP Advanced Firewall Manager | >=15.0.0<15.0.1.4 | |
| F5 BIG-IP Advanced Firewall Manager | =15.1.0 | |
| F5 BIG-IP Advanced Firewall Manager | =16.0.0 | |
| F5 BIG-IP Analytics | >=13.0.0<13.1.3.5 | |
| F5 BIG-IP Analytics | >=14.0.0<14.1.3.1 | |
| F5 BIG-IP Analytics | >=15.0.0<15.0.1.4 | |
| F5 BIG-IP Analytics | =15.1.0 | |
| F5 BIG-IP Analytics | =16.0.0 | |
| F5 BIG-IP Application Acceleration Manager | >=13.0.0<13.1.3.5 | |
| F5 BIG-IP Application Acceleration Manager | >=14.0.0<14.1.3.1 | |
| F5 BIG-IP Application Acceleration Manager | >=15.0.0<15.0.1.4 | |
| F5 BIG-IP Application Acceleration Manager | =15.1.0 | |
| F5 BIG-IP Application Acceleration Manager | =16.0.0 | |
| F5 Application Security Manager | >=13.0.0<13.1.3.5 | |
| F5 Application Security Manager | >=14.0.0<14.1.3.1 | |
| F5 Application Security Manager | >=15.0.0<15.0.1.4 | |
| F5 Application Security Manager | =15.1.0 | |
| F5 Application Security Manager | =16.0.0 | |
| F5 BIG-IP | >=13.0.0<13.1.3.5 | |
| F5 BIG-IP | >=14.0.0<14.1.3.1 | |
| F5 BIG-IP | >=15.0.0<15.0.1.4 | |
| F5 BIG-IP | =15.1.0 | |
| F5 BIG-IP | =16.0.0 | |
| F5 BIG-IP Edge Gateway | >=13.0.0<13.1.3.5 | |
| F5 BIG-IP Edge Gateway | >=14.0.0<14.1.3.1 | |
| F5 BIG-IP Edge Gateway | >=15.0.0<15.0.1.4 | |
| F5 BIG-IP Edge Gateway | =15.1.0 | |
| F5 BIG-IP Edge Gateway | =16.0.0 | |
| F5 BIG-IP Fraud Protection Service | >=13.0.0<13.1.3.5 | |
| F5 BIG-IP Fraud Protection Service | >=14.0.0<14.1.3.1 | |
| F5 BIG-IP Fraud Protection Service | >=15.0.0<15.0.1.4 | |
| F5 BIG-IP Fraud Protection Service | =15.1.0 | |
| F5 BIG-IP Fraud Protection Service | =16.0.0 | |
| Riverbed SteelApp Traffic Manager | >=13.0.0<13.1.3.5 | |
| Riverbed SteelApp Traffic Manager | >=14.0.0<14.1.3.1 | |
| Riverbed SteelApp Traffic Manager | >=15.0.0<15.0.1.4 | |
| Riverbed SteelApp Traffic Manager | =15.1.0 | |
| Riverbed SteelApp Traffic Manager | =16.0.0 | |
| F5 BIG-IP Link Controller | >=13.0.0<13.1.3.5 | |
| F5 BIG-IP Link Controller | >=14.0.0<14.1.3.1 | |
| F5 BIG-IP Link Controller | >=15.0.0<15.0.1.4 | |
| F5 BIG-IP Link Controller | =15.1.0 | |
| F5 BIG-IP Link Controller | =16.0.0 | |
| Riverbed SteelApp Traffic Manager | >=13.0.0<13.1.3.5 | |
| Riverbed SteelApp Traffic Manager | >=14.0.0<14.1.3.1 | |
| Riverbed SteelApp Traffic Manager | >=15.0.0<15.0.1.4 | |
| Riverbed SteelApp Traffic Manager | =15.1.0 | |
| Riverbed SteelApp Traffic Manager | =16.0.0 | |
| F5 BIG-IP Policy Enforcement Manager | >=13.0.0<13.1.3.5 | |
| F5 BIG-IP Policy Enforcement Manager | >=14.0.0<14.1.3.1 | |
| F5 BIG-IP Policy Enforcement Manager | >=15.0.0<15.0.1.4 | |
| F5 BIG-IP Policy Enforcement Manager | =15.1.0 | |
| F5 BIG-IP Policy Enforcement Manager | =16.0.0 | |
| F5 BIG-IP WebAccelerator | >=13.0.0<13.1.3.5 | |
| F5 BIG-IP WebAccelerator | >=14.0.0<14.1.3.1 | |
| F5 BIG-IP WebAccelerator | >=15.0.0<15.0.1.4 | |
| F5 BIG-IP WebAccelerator | =15.1.0 | |
| F5 BIG-IP WebAccelerator | =16.0.0 | |
| debian/linux | 5.10.223-1 5.10.234-1 6.1.129-1 6.1.135-1 6.12.25-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2018-13405 https://nvd.nist.gov/vuln/detail/CVE-2018-13405
- https://bugzilla.redhat.com/show_bug.cgi?id=1599161
- https://access.redhat.com/errata/RHSA-2019:0717
- https://access.redhat.com/errata/RHSA-2019:2476
- https://access.redhat.com/errata/RHSA-2018:3096
- https://access.redhat.com/errata/RHSA-2018:2948
- https://access.redhat.com/errata/RHSA-2018:3083
- https://access.redhat.com/errata/RHSA-2019:4164
- https://access.redhat.com/errata/RHSA-2019:4159
- https://access.redhat.com/errata/RHSA-2019:2696
- https://access.redhat.com/errata/RHSA-2019:2566
- https://access.redhat.com/errata/RHSA-2019:2730
- https://access.redhat.com/security/cve/CVE-2018-13405
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7
- http://openwall.com/lists/oss-security/2018/07/13/2
- http://www.securityfocus.com/bid/106503
- https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=0b3369840cd61c23e2b9241093737b4c395cb406
- https://github.com/torvalds/linux/commit/0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7
- https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HRBNBX73SAFKQWBOX76SLMWPTKJPVGEJ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MTKKIAUMR5FAYLZ7HLEPOXMKAAE3BYBQ/
- https://support.f5.com/csp/article/K00854051
- https://twitter.com/grsecurity/status/1015082951204327425
- https://usn.ubuntu.com/3752-1/
- https://usn.ubuntu.com/3752-2/
- https://usn.ubuntu.com/3752-3/
- https://usn.ubuntu.com/3753-1/
- https://usn.ubuntu.com/3753-2/
- https://usn.ubuntu.com/3754-1/
- https://www.debian.org/security/2018/dsa-4266
- https://www.exploit-db.com/exploits/45033/
- https://launchpad.net/bugs/cve/CVE-2018-13405
- http://seclists.org/oss-sec/2018/q3/35
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1599162
- https://www.kernel.org/doc/Documentation/filesystems/xfs.txt
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRBNBX73SAFKQWBOX76SLMWPTKJPVGEJ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTKKIAUMR5FAYLZ7HLEPOXMKAAE3BYBQ/
- https://source.android.com/docs/security/bulletin/2019-01-01 (Advisory)
- https://git.kernel.org/linus/0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7
- https://www.openwall.com/lists/oss-security/2018/07/13/2
- https://security-tracker.debian.org/tracker/CVE-2018-13405
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13405
- https://nvd.nist.gov/vuln/detail/CVE-2018-13405
- https://ubuntu.com/security/CVE-2018-13405
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the severity of CVE-2018-13405?
CVE-2018-13405 is classified as a medium severity vulnerability due to its potential impact on file permissions.
How does CVE-2018-13405 affect Linux kernel versions?
CVE-2018-13405 affects several versions of the Linux kernel, particularly those prior to specific patched releases.
How do I fix CVE-2018-13405?
To fix CVE-2018-13405, upgrade to a kernel version that includes the patch for this vulnerability.
Who is affected by CVE-2018-13405?
Local users on systems running vulnerable versions of the Linux kernel can exploit CVE-2018-13405.
What are the potential consequences of CVE-2018-13405?
CVE-2018-13405 could allow local users to create files with unintended group ownership and permissions, potentially compromising system security.
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2018-13405
- agent/severity
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/references
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/trending
- agent/last-modified-date
- agent/source
- agent/author
- collector/android-source
- source/Android
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/event
- collector/nvd-cve
- source/NVD
- collector/nvd-index
- agent/softwarecombine
- agent/tags
- collector/security-tracker-debian
- source/Debian
- package-manager/redhat
- vendor/google
- canonical/android
- vendor/linux
- canonical/linux kernel
- version/linux kernel/3.16
- vendor/debian
- canonical/debian linux
- version/debian linux/8.0
- version/debian linux/9.0
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/14.04
- version/ubuntu/16.04
- version/ubuntu/18.04
- vendor/fedoraproject
- canonical/red hat fedora
- version/red hat fedora/34
- version/red hat fedora/35
- vendor/redhat
- canonical/red hat mrg realtime
- version/red hat mrg realtime/2.0
- canonical/red hat enterprise virtualization
- version/red hat enterprise virtualization/4.0
- canonical/red hat enterprise linux
- version/red hat enterprise linux/7.4
- canonical/red hat enterprise linux desktop
- version/red hat enterprise linux desktop/6.0
- version/red hat enterprise linux desktop/7.0
- canonical/red hat enterprise linux server eus
- version/red hat enterprise linux server eus/7.4
- version/red hat enterprise linux server eus/7.5
- canonical/red hat enterprise linux for real time
- version/red hat enterprise linux for real time/7
- canonical/red hat enterprise linux server
- version/red hat enterprise linux server/6.0
- version/red hat enterprise linux server/7.0
- version/red hat enterprise linux server/6.6
- version/red hat enterprise linux server/7.2
- version/red hat enterprise linux server/7.3
- version/red hat enterprise linux server/7.4
- canonical/red hat enterprise linux workstation
- version/red hat enterprise linux workstation/6.0
- version/red hat enterprise linux workstation/7.0
- vendor/f5
- canonical/f5 access policy manager
- version/f5 access policy manager/13.0.0
- version/f5 access policy manager/14.0.0
- version/f5 access policy manager/15.0.0
- version/f5 access policy manager/15.1.0
- version/f5 access policy manager/16.0.0
- canonical/f5 big-ip advanced firewall manager
- version/f5 big-ip advanced firewall manager/13.0.0
- version/f5 big-ip advanced firewall manager/14.0.0
- version/f5 big-ip advanced firewall manager/15.0.0
- version/f5 big-ip advanced firewall manager/15.1.0
- version/f5 big-ip advanced firewall manager/16.0.0
- canonical/f5 big-ip analytics
- version/f5 big-ip analytics/13.0.0
- version/f5 big-ip analytics/14.0.0
- version/f5 big-ip analytics/15.0.0
- version/f5 big-ip analytics/15.1.0
- version/f5 big-ip analytics/16.0.0
- canonical/f5 big-ip application acceleration manager
- version/f5 big-ip application acceleration manager/13.0.0
- version/f5 big-ip application acceleration manager/14.0.0
- version/f5 big-ip application acceleration manager/15.0.0
- version/f5 big-ip application acceleration manager/15.1.0
- version/f5 big-ip application acceleration manager/16.0.0
- canonical/f5 application security manager
- version/f5 application security manager/13.0.0
- version/f5 application security manager/14.0.0
- version/f5 application security manager/15.0.0
- version/f5 application security manager/15.1.0
- version/f5 application security manager/16.0.0
- canonical/f5 big-ip
- version/f5 big-ip/13.0.0
- version/f5 big-ip/14.0.0
- version/f5 big-ip/15.0.0
- version/f5 big-ip/15.1.0
- version/f5 big-ip/16.0.0
- canonical/f5 big-ip edge gateway
- version/f5 big-ip edge gateway/13.0.0
- version/f5 big-ip edge gateway/14.0.0
- version/f5 big-ip edge gateway/15.0.0
- version/f5 big-ip edge gateway/15.1.0
- version/f5 big-ip edge gateway/16.0.0
- canonical/f5 big-ip fraud protection service
- version/f5 big-ip fraud protection service/13.0.0
- version/f5 big-ip fraud protection service/14.0.0
- version/f5 big-ip fraud protection service/15.0.0
- version/f5 big-ip fraud protection service/15.1.0
- version/f5 big-ip fraud protection service/16.0.0
- canonical/riverbed steelapp traffic manager
- version/riverbed steelapp traffic manager/13.0.0
- version/riverbed steelapp traffic manager/14.0.0
- version/riverbed steelapp traffic manager/15.0.0
- version/riverbed steelapp traffic manager/15.1.0
- version/riverbed steelapp traffic manager/16.0.0
- canonical/f5 big-ip link controller
- version/f5 big-ip link controller/13.0.0
- version/f5 big-ip link controller/14.0.0
- version/f5 big-ip link controller/15.0.0
- version/f5 big-ip link controller/15.1.0
- version/f5 big-ip link controller/16.0.0
- canonical/f5 big-ip policy enforcement manager
- version/f5 big-ip policy enforcement manager/13.0.0
- version/f5 big-ip policy enforcement manager/14.0.0
- version/f5 big-ip policy enforcement manager/15.0.0
- version/f5 big-ip policy enforcement manager/15.1.0
- version/f5 big-ip policy enforcement manager/16.0.0
- canonical/f5 big-ip webaccelerator
- version/f5 big-ip webaccelerator/13.0.0
- version/f5 big-ip webaccelerator/14.0.0
- version/f5 big-ip webaccelerator/15.0.0
- version/f5 big-ip webaccelerator/15.1.0
- version/f5 big-ip webaccelerator/16.0.0
- package-manager/debian