First published: Thu Jul 05 2018(Updated: )
The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/kernel | <0:2.6.32-754.12.1.el6 | 0:2.6.32-754.12.1.el6 |
redhat/kernel | <0:2.6.32-504.80.2.el6 | 0:2.6.32-504.80.2.el6 |
redhat/kernel-rt | <0:3.10.0-957.rt56.910.el7 | 0:3.10.0-957.rt56.910.el7 |
redhat/kernel-alt | <0:4.14.0-115.el7a | 0:4.14.0-115.el7a |
redhat/kernel | <0:3.10.0-957.el7 | 0:3.10.0-957.el7 |
redhat/kernel | <0:3.10.0-327.83.1.el7 | 0:3.10.0-327.83.1.el7 |
redhat/kernel | <0:3.10.0-514.71.1.el7 | 0:3.10.0-514.71.1.el7 |
redhat/kernel | <0:3.10.0-693.58.1.el7 | 0:3.10.0-693.58.1.el7 |
redhat/kernel | <0:3.10.0-862.41.1.el7 | 0:3.10.0-862.41.1.el7 |
redhat/kernel-rt | <1:3.10.0-693.58.1.rt56.652.el6 | 1:3.10.0-693.58.1.rt56.652.el6 |
Linux Linux kernel | <=3.16 | |
Debian Debian Linux | =8.0 | |
Debian Debian Linux | =9.0 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Fedoraproject Fedora | =34 | |
Fedoraproject Fedora | =35 | |
Redhat Mrg Realtime | =2.0 | |
Redhat Virtualization | =4.0 | |
Redhat Enterprise Linux Aus | =7.4 | |
Redhat Enterprise Linux Desktop | =6.0 | |
Redhat Enterprise Linux Desktop | =7.0 | |
Redhat Enterprise Linux Eus | =7.4 | |
Redhat Enterprise Linux Eus | =7.5 | |
Redhat Enterprise Linux For Real Time | =7 | |
Redhat Enterprise Linux Server | =6.0 | |
Redhat Enterprise Linux Server | =7.0 | |
Redhat Enterprise Linux Server Aus | =6.6 | |
Redhat Enterprise Linux Server Aus | =7.2 | |
Redhat Enterprise Linux Server Aus | =7.3 | |
Redhat Enterprise Linux Server Tus | =7.2 | |
Redhat Enterprise Linux Server Tus | =7.3 | |
Redhat Enterprise Linux Server Tus | =7.4 | |
Redhat Enterprise Linux Workstation | =6.0 | |
Redhat Enterprise Linux Workstation | =7.0 | |
F5 BIG-IP Access Policy Manager | >=13.0.0<13.1.3.5 | |
F5 BIG-IP Access Policy Manager | >=14.0.0<14.1.3.1 | |
F5 BIG-IP Access Policy Manager | >=15.0.0<15.0.1.4 | |
F5 BIG-IP Access Policy Manager | =15.1.0 | |
F5 BIG-IP Access Policy Manager | =16.0.0 | |
F5 BIG-IP Advanced Firewall Manager | >=13.0.0<13.1.3.5 | |
F5 BIG-IP Advanced Firewall Manager | >=14.0.0<14.1.3.1 | |
F5 BIG-IP Advanced Firewall Manager | >=15.0.0<15.0.1.4 | |
F5 BIG-IP Advanced Firewall Manager | =15.1.0 | |
F5 BIG-IP Advanced Firewall Manager | =16.0.0 | |
F5 BIG-IP Analytics | >=13.0.0<13.1.3.5 | |
F5 BIG-IP Analytics | >=14.0.0<14.1.3.1 | |
F5 BIG-IP Analytics | >=15.0.0<15.0.1.4 | |
F5 BIG-IP Analytics | =15.1.0 | |
F5 BIG-IP Analytics | =16.0.0 | |
F5 Big-ip Application Acceleration Manager | >=13.0.0<13.1.3.5 | |
F5 Big-ip Application Acceleration Manager | >=14.0.0<14.1.3.1 | |
F5 Big-ip Application Acceleration Manager | >=15.0.0<15.0.1.4 | |
F5 Big-ip Application Acceleration Manager | =15.1.0 | |
F5 Big-ip Application Acceleration Manager | =16.0.0 | |
F5 BIG-IP Application Security Manager | >=13.0.0<13.1.3.5 | |
F5 BIG-IP Application Security Manager | >=14.0.0<14.1.3.1 | |
F5 BIG-IP Application Security Manager | >=15.0.0<15.0.1.4 | |
F5 BIG-IP Application Security Manager | =15.1.0 | |
F5 BIG-IP Application Security Manager | =16.0.0 | |
F5 Big-ip Domain Name System | >=13.0.0<13.1.3.5 | |
F5 Big-ip Domain Name System | >=14.0.0<14.1.3.1 | |
F5 Big-ip Domain Name System | >=15.0.0<15.0.1.4 | |
F5 Big-ip Domain Name System | =15.1.0 | |
F5 Big-ip Domain Name System | =16.0.0 | |
F5 Big-ip Edge Gateway | >=13.0.0<13.1.3.5 | |
F5 Big-ip Edge Gateway | >=14.0.0<14.1.3.1 | |
F5 Big-ip Edge Gateway | >=15.0.0<15.0.1.4 | |
F5 Big-ip Edge Gateway | =15.1.0 | |
F5 Big-ip Edge Gateway | =16.0.0 | |
F5 Big-ip Fraud Protection Service | >=13.0.0<13.1.3.5 | |
F5 Big-ip Fraud Protection Service | >=14.0.0<14.1.3.1 | |
F5 Big-ip Fraud Protection Service | >=15.0.0<15.0.1.4 | |
F5 Big-ip Fraud Protection Service | =15.1.0 | |
F5 Big-ip Fraud Protection Service | =16.0.0 | |
F5 Big-ip Global Traffic Manager | >=13.0.0<13.1.3.5 | |
F5 Big-ip Global Traffic Manager | >=14.0.0<14.1.3.1 | |
F5 Big-ip Global Traffic Manager | >=15.0.0<15.0.1.4 | |
F5 Big-ip Global Traffic Manager | =15.1.0 | |
F5 Big-ip Global Traffic Manager | =16.0.0 | |
F5 Big-ip Link Controller | >=13.0.0<13.1.3.5 | |
F5 Big-ip Link Controller | >=14.0.0<14.1.3.1 | |
F5 Big-ip Link Controller | >=15.0.0<15.0.1.4 | |
F5 Big-ip Link Controller | =15.1.0 | |
F5 Big-ip Link Controller | =16.0.0 | |
F5 Big-ip Local Traffic Manager | >=13.0.0<13.1.3.5 | |
F5 Big-ip Local Traffic Manager | >=14.0.0<14.1.3.1 | |
F5 Big-ip Local Traffic Manager | >=15.0.0<15.0.1.4 | |
F5 Big-ip Local Traffic Manager | =15.1.0 | |
F5 Big-ip Local Traffic Manager | =16.0.0 | |
F5 Big-ip Policy Enforcement Manager | >=13.0.0<13.1.3.5 | |
F5 Big-ip Policy Enforcement Manager | >=14.0.0<14.1.3.1 | |
F5 Big-ip Policy Enforcement Manager | >=15.0.0<15.0.1.4 | |
F5 Big-ip Policy Enforcement Manager | =15.1.0 | |
F5 Big-ip Policy Enforcement Manager | =16.0.0 | |
F5 Big-ip Webaccelerator | >=13.0.0<13.1.3.5 | |
F5 Big-ip Webaccelerator | >=14.0.0<14.1.3.1 | |
F5 Big-ip Webaccelerator | >=15.0.0<15.0.1.4 | |
F5 Big-ip Webaccelerator | =15.1.0 | |
F5 Big-ip Webaccelerator | =16.0.0 | |
Google Android | ||
ubuntu/linux | <4.15.0-33.36 | 4.15.0-33.36 |
ubuntu/linux | <3.13.0-157.207 | 3.13.0-157.207 |
ubuntu/linux | <4.18~ | 4.18~ |
ubuntu/linux | <4.4.0-134.160 | 4.4.0-134.160 |
ubuntu/linux-aws | <4.15.0-1020.20 | 4.15.0-1020.20 |
ubuntu/linux-aws | <4.4.0-1028.31 | 4.4.0-1028.31 |
ubuntu/linux-aws | <4.18~ | 4.18~ |
ubuntu/linux-aws | <4.4.0-1066.76 | 4.4.0-1066.76 |
ubuntu/linux-azure | <4.15.0-1022.23 | 4.15.0-1022.23 |
ubuntu/linux-azure | <4.18~ | 4.18~ |
ubuntu/linux-azure | <4.15.0-1022.22~16.04.1 | 4.15.0-1022.22~16.04.1 |
ubuntu/linux-azure-edge | <4.18~ | 4.18~ |
ubuntu/linux-azure-edge | <4.15.0-1022.23 | 4.15.0-1022.23 |
ubuntu/linux-euclid | <4.18~ | 4.18~ |
ubuntu/linux-flo | <4.18~ | 4.18~ |
ubuntu/linux-gcp | <4.15.0-1018.19 | 4.15.0-1018.19 |
ubuntu/linux-gcp | <4.18~ | 4.18~ |
ubuntu/linux-gcp | <4.15.0-1018.19~16.04.2 | 4.15.0-1018.19~16.04.2 |
ubuntu/linux-gke | <4.18~ | 4.18~ |
ubuntu/linux-goldfish | <4.18~ | 4.18~ |
ubuntu/linux-grouper | <4.18~ | 4.18~ |
ubuntu/linux-hwe | <4.18~ | 4.18~ |
ubuntu/linux-hwe | <4.15.0-33.36~16.04.1 | 4.15.0-33.36~16.04.1 |
ubuntu/linux-hwe-edge | <4.18~ | 4.18~ |
ubuntu/linux-hwe-edge | <4.15.0-33.36~16.04.1 | 4.15.0-33.36~16.04.1 |
ubuntu/linux-kvm | <4.15.0-1020.20 | 4.15.0-1020.20 |
ubuntu/linux-kvm | <4.18~ | 4.18~ |
ubuntu/linux-kvm | <4.4.0-1032.38 | 4.4.0-1032.38 |
ubuntu/linux-lts-trusty | <4.18~ | 4.18~ |
ubuntu/linux-lts-utopic | <4.18~ | 4.18~ |
ubuntu/linux-lts-vivid | <4.18~ | 4.18~ |
ubuntu/linux-lts-wily | <4.18~ | 4.18~ |
ubuntu/linux-lts-xenial | <4.4.0-134.160~14.04.1 | 4.4.0-134.160~14.04.1 |
ubuntu/linux-lts-xenial | <4.18~ | 4.18~ |
ubuntu/linux-maguro | <4.18~ | 4.18~ |
ubuntu/linux-mako | <4.18~ | 4.18~ |
ubuntu/linux-manta | <4.18~ | 4.18~ |
ubuntu/linux-oem | <4.15.0-1017.20 | 4.15.0-1017.20 |
ubuntu/linux-oem | <4.18~ | 4.18~ |
ubuntu/linux-raspi2 | <4.15.0-1021.23 | 4.15.0-1021.23 |
ubuntu/linux-raspi2 | <4.18~ | 4.18~ |
ubuntu/linux-raspi2 | <4.4.0-1095.103 | 4.4.0-1095.103 |
ubuntu/linux-snapdragon | <4.18~ | 4.18~ |
ubuntu/linux-snapdragon | <4.4.0-1099.104 | 4.4.0-1099.104 |
debian/linux | 4.19.249-2 4.19.304-1 5.10.209-2 5.10.205-2 6.1.76-1 6.1.85-1 6.6.15-2 6.7.12-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)