CVE-2018-13405
Summary
| CVE | CVE-2018-13405 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-07-06 14:29:00 UTC |
| Updated | 2023-11-07 02:52:00 UTC |
| Description | The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID. |
Risk And Classification
Problem Types: CWE-269
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Canonical | Ubuntu Linux | 14.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 18.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 14.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 18.04 | All | All | All |
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Application | F5 | Big-ip Access Policy Manager | All | All | All | All |
| Application | F5 | Big-ip Access Policy Manager | 15.1.0 | All | All | All |
| Application | F5 | Big-ip Access Policy Manager | 16.0.0 | All | All | All |
| Application | F5 | Big-ip Advanced Firewall Manager | All | All | All | All |
| Application | F5 | Big-ip Advanced Firewall Manager | 15.1.0 | All | All | All |
| Application | F5 | Big-ip Advanced Firewall Manager | 16.0.0 | All | All | All |
| Application | F5 | Big-ip Analytics | All | All | All | All |
| Application | F5 | Big-ip Analytics | 15.1.0 | All | All | All |
| Application | F5 | Big-ip Analytics | 16.0.0 | All | All | All |
| Application | F5 | Big-ip Application Acceleration Manager | All | All | All | All |
| Application | F5 | Big-ip Application Acceleration Manager | 15.1.0 | All | All | All |
| Application | F5 | Big-ip Application Acceleration Manager | 16.0.0 | All | All | All |
| Application | F5 | Big-ip Application Security Manager | All | All | All | All |
| Application | F5 | Big-ip Application Security Manager | 15.1.0 | All | All | All |
| Application | F5 | Big-ip Application Security Manager | 16.0.0 | All | All | All |
| Application | F5 | Big-ip Domain Name System | All | All | All | All |
| Application | F5 | Big-ip Domain Name System | 15.1.0 | All | All | All |
| Application | F5 | Big-ip Domain Name System | 16.0.0 | All | All | All |
| Application | F5 | Big-ip Edge Gateway | All | All | All | All |
| Application | F5 | Big-ip Edge Gateway | 15.1.0 | All | All | All |
| Application | F5 | Big-ip Edge Gateway | 16.0.0 | All | All | All |
| Application | F5 | Big-ip Fraud Protection Service | All | All | All | All |
| Application | F5 | Big-ip Fraud Protection Service | 15.1.0 | All | All | All |
| Application | F5 | Big-ip Fraud Protection Service | 16.0.0 | All | All | All |
| Application | F5 | Big-ip Global Traffic Manager | All | All | All | All |
| Application | F5 | Big-ip Global Traffic Manager | 15.1.0 | All | All | All |
| Application | F5 | Big-ip Global Traffic Manager | 16.0.0 | All | All | All |
| Application | F5 | Big-ip Link Controller | All | All | All | All |
| Application | F5 | Big-ip Link Controller | 15.1.0 | All | All | All |
| Application | F5 | Big-ip Link Controller | 16.0.0 | All | All | All |
| Application | F5 | Big-ip Local Traffic Manager | All | All | All | All |
| Application | F5 | Big-ip Local Traffic Manager | 15.1.0 | All | All | All |
| Application | F5 | Big-ip Local Traffic Manager | 16.0.0 | All | All | All |
| Application | F5 | Big-ip Policy Enforcement Manager | All | All | All | All |
| Application | F5 | Big-ip Policy Enforcement Manager | 15.1.0 | All | All | All |
| Application | F5 | Big-ip Policy Enforcement Manager | 16.0.0 | All | All | All |
| Application | F5 | Big-ip Webaccelerator | All | All | All | All |
| Application | F5 | Big-ip Webaccelerator | 15.1.0 | All | All | All |
| Application | F5 | Big-ip Webaccelerator | 16.0.0 | All | All | All |
| Operating System | Fedoraproject | Fedora | 34 | All | All | All |
| Operating System | Fedoraproject | Fedora | 35 | All | All | All |
| Operating System | Linux | Linux Kernel | All | All | All | All |
| Operating System | Linux | Linux Kernel | All | All | All | All |
| Operating System | Redhat | Enterprise Linux Aus | 7.4 | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Eus | 7.4 | All | All | All |
| Operating System | Redhat | Enterprise Linux Eus | 7.5 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Real Time | 7 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 6.6 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 7.2 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 7.3 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Tus | 7.2 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Tus | 7.3 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Tus | 7.4 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 7.0 | All | All | All |
| Application | Redhat | Mrg Realtime | 2.0 | All | All | All |
| Application | Redhat | Virtualization | 4.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [SECURITY] [DLA 1466-1] linux-4.9 security update | MLIST | lists.debian.org | Third Party Advisory |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| [SECURITY] Fedora 34 Update: qemu-5.2.0-9.fc34 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 35 Update: qemu-6.1.0-14.fc35 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| USN-3752-1: Linux kernel vulnerabilities | Ubuntu security notices | Ubuntu | UBUNTU | usn.ubuntu.com | Third Party Advisory |
| USN-3752-2: Linux kernel (HWE) vulnerabilities | Ubuntu security notices | Ubuntu | UBUNTU | usn.ubuntu.com | Third Party Advisory |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| oss-security - CVE-2018-13405: Linux kernel: fs/inode.c:inode_init_owner() function mishandled a file creation in setgid directories | MISC | openwall.com | Mailing List, Patch, Third Party Advisory |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| support.f5.com/csp/article/K00854051 | CONFIRM | support.f5.com | |
| [SECURITY] Fedora 35 Update: qemu-6.1.0-14.fc35 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| Debian -- Security Information -- DSA-4266-1 linux | DEBIAN | www.debian.org | Third Party Advisory |
| grsecurity na Twitterze: "https://t.co/GPxUFmhVrZ… " | MISC | twitter.com | Third Party Advisory |
| Linux Kernel Components Multiple Security Vulnerabilities | BID | www.securityfocus.com | |
| Fix up non-directory creation in SGID directories · torvalds/linux@0fa3ecd · GitHub | MISC | github.com | Patch, Third Party Advisory |
| kernel/git/torvalds/linux.git - Linux kernel source tree | MISC | git.kernel.org | Patch, Vendor Advisory |
| USN-3752-3: Linux kernel (Azure, GCP, OEM) vulnerabilities | Ubuntu security notices | Ubuntu | UBUNTU | usn.ubuntu.com | |
| kernel/git/tip/tip.git - Unnamed repository; edit this file 'description' to name the repository. | CONFIRM | git.kernel.org | |
| USN-3754-1: Linux kernel vulnerabilities | Ubuntu security notices | Ubuntu | UBUNTU | usn.ubuntu.com | Third Party Advisory |
| USN-3753-1: Linux kernel vulnerabilities | Ubuntu security notices | Ubuntu | UBUNTU | usn.ubuntu.com | Third Party Advisory |
| Linux (Ubuntu) - Other Users coredumps Can Be Read via setgid Directory and killpriv Bypass | EXPLOIT-DB | www.exploit-db.com | Exploit, Third Party Advisory, VDB Entry |
| USN-3753-2: Linux kernel (Xenial HWE) vulnerabilities | Ubuntu security notices | Ubuntu | UBUNTU | usn.ubuntu.com | Third Party Advisory |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| [SECURITY] Fedora 34 Update: qemu-5.2.0-9.fc34 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 257226 CentOS Security Update for kernel (CESA-2023:1091)
- 282383 Fedora Security Update for qemu (FEDORA-2022-3a60c34473)
- 282444 Fedora Security Update for qemu (FEDORA-2022-5d0676b098)
- 354314 Amazon Linux Security Advisory for qemu : ALAS2022-2022-050
- 377413 Alibaba Cloud Linux Security Update for virt:rhel and virt-devel:rhel (ALINUX3-SA-2022:0119)
- 751336 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:1460-1)
- 751342 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:3641-1)
- 751346 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:3655-1)
- 751349 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:1477-1)
- 751353 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:3675-1)
- 751381 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3748-1)
- 751437 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3876-1)
- 751441 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:3876-1)
- 751451 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3935-1)
- 751476 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3972-1)