CVE-2018-13405
CVE-2018-13405
The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID.
Affected products
n/a · n/apublic PoCs found — 2
cve_referencewww.exploit-db.com/exploits/45033/unverifiedexploitdbwww.exploit-db.com/exploits/45033unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7http://openwall.com/lists/oss-security/2018/07/13/2https://access.redhat.com/errata/RHSA-2018:2948https://access.redhat.com/errata/RHSA-2018:3083https://access.redhat.com/errata/RHSA-2018:3096https://access.redhat.com/errata/RHSA-2019:0717https://access.redhat.com/errata/RHSA-2019:2476https://access.redhat.com/errata/RHSA-2019:2566https://access.redhat.com/errata/RHSA-2019:2696https://access.redhat.com/errata/RHSA-2019:2730https://access.redhat.com/errata/RHSA-2019:4159https://access.redhat.com/errata/RHSA-2019:4164