Lucene search

Veracode Vulnerability DatabaseVERACODE:19524

HistoryMay 16, 2019 - 3:18 a.m.

Privilege Escalation

2019-05-1603:18:36

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.0004 Low

EPSS

Percentile

0.4%

JSON

Linux kernel is vulnerable to privilege escalation vulnerability. This exists in the function inode_init_owner of the file fs/inode.c. Local users could create files with an unintended group ownership and SGID permission bits set, when a directory is SGID and belongs to a certain group and is writable by an individual who is not in this group causing an excessive permission grant issue.

CPENameOperatorVersion
kerneleq2.6.32__696.1.1.bgq.el6
kerneleq2.6.32__220.4.4.bgq.el6
kerneleq2.6.32__696.28.1.el6
kerneleq3.10.0__693.el7
kerneleq2.6.32__358.6.1.el6
kerneleq2.6.32__642.6.2.el6
kerneleq2.6.32__431.40.2.el6
kerneleq2.6.32__642.3.1.el6
kerneleq2.6.32__131.17.1.el6
kerneleq2.6.32__71.18.2.el6

Name	Operator	Version
kernel	eq	2.6.32__696.1.1.bgq.el6
kernel	eq	2.6.32__220.4.4.bgq.el6
kernel	eq	2.6.32__696.28.1.el6
kernel	eq	3.10.0__693.el7
kernel	eq	2.6.32__358.6.1.el6
kernel	eq	2.6.32__642.6.2.el6
kernel	eq	2.6.32__431.40.2.el6
kernel	eq	2.6.32__642.3.1.el6
kernel	eq	2.6.32__131.17.1.el6
kernel	eq	2.6.32__71.18.2.el6

Rows per page:

1-10 of 4841

References

git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7

openwall.com/lists/oss-security/2018/07/13/2

www.securityfocus.com/bid/106503

access.redhat.com/articles/3553061

access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.6_release_notes/index

access.redhat.com/errata/RHSA-2018:2948

access.redhat.com/errata/RHSA-2018:3083

access.redhat.com/errata/RHSA-2018:3096

access.redhat.com/errata/RHSA-2019:0717

access.redhat.com/errata/RHSA-2019:2476

access.redhat.com/errata/RHSA-2019:2566

access.redhat.com/errata/RHSA-2019:2696

access.redhat.com/errata/RHSA-2019:2730

access.redhat.com/errata/RHSA-2019:4159

access.redhat.com/errata/RHSA-2019:4164

access.redhat.com/security/cve/CVE-2017-18360

access.redhat.com/security/cve/CVE-2018-18690

access.redhat.com/security/updates/classification/#important

bugzilla.redhat.com/show_bug.cgi?id=1322930

bugzilla.redhat.com/show_bug.cgi?id=1488484

bugzilla.redhat.com/show_bug.cgi?id=1504058

bugzilla.redhat.com/show_bug.cgi?id=1507027

bugzilla.redhat.com/show_bug.cgi?id=1542494

bugzilla.redhat.com/show_bug.cgi?id=1557434

bugzilla.redhat.com/show_bug.cgi?id=1557599

bugzilla.redhat.com/show_bug.cgi?id=1558328

bugzilla.redhat.com/show_bug.cgi?id=1561162

bugzilla.redhat.com/show_bug.cgi?id=1563697

bugzilla.redhat.com/show_bug.cgi?id=1564186

bugzilla.redhat.com/show_bug.cgi?id=1568167

bugzilla.redhat.com/show_bug.cgi?id=1572983

bugzilla.redhat.com/show_bug.cgi?id=1584775

bugzilla.redhat.com/show_bug.cgi?id=1592654

bugzilla.redhat.com/show_bug.cgi?id=1609717

git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=0b3369840cd61c23e2b9241093737b4c395cb406

github.com/torvalds/linux/commit/0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7

lists.debian.org/debian-lts-announce/2018/08/msg00014.html

lists.fedoraproject.org/archives/list/[email protected]/message/HRBNBX73SAFKQWBOX76SLMWPTKJPVGEJ/

lists.fedoraproject.org/archives/list/[email protected]/message/MTKKIAUMR5FAYLZ7HLEPOXMKAAE3BYBQ/

support.f5.com/csp/article/K00854051

twitter.com/grsecurity/status/1015082951204327425

usn.ubuntu.com/3752-1/

usn.ubuntu.com/3752-2/

usn.ubuntu.com/3752-3/

usn.ubuntu.com/3753-1/

usn.ubuntu.com/3753-2/

usn.ubuntu.com/3754-1/

www.debian.org/security/2018/dsa-4266

www.exploit-db.com/exploits/45033/

0.0004 Low

EPSS

Percentile

0.4%

JSON

Related for VERACODE:19524