Astra Linux - уязвимость в shadow

A vulnerability was discovered in Shadow 4.5. The newgidmap function part of shadow-utils is setuid, allowing an unprivileged user to be placed in a user namespace where setgroups2 is allowed. This enables an attacker to remove themselves from a supplementary group, potentially granting them acce...

Siemens Ruggedcom ROX Privilege Dropping (CVE-2018-7169)

An issue was discovered in shadow 4.5. newgidmap in shadow-utils is setuid and allows an unprivileged user to be placed in a user namespace where setgroups2 is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if...

SUSE CVE-2018-7169

An issue was discovered in shadow 4.5. newgidmap in shadow-utils is setuid and allows an unprivileged user to be placed in a user namespace where setgroups2 is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if...

CLSA-2022-1643637259 Fix CVE(s): CVE-2017-12424, CVE-2018-7169

SECURITY UPDATE: Crash or buffer overflow - debian/patches/CVE-2017-12424.patch: fix buffer overflow if NULL line is present in db in lib/commonio.c. - CVE-2017-12424 SECURITY UPDATE: Access to privileged information - debian/patches/CVE-2018-7169.patch: newgidmap: enforce setgroups=deny if...

Linux - Nested User Namespace idmap Limit Local Privilege Escalation (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Linux Nested User Namespace idmap Limit Local Privilege Escalation', 'Description' = %q This module exploits a vulnerability in Linux kernels...

Updated shadow-utils packages fix security vulnerability

Privilege escalation in newgidmap, which allowed an unprivileged user to be placed in a user namespace where setgroups2 is allowed CVE-2018-7169...

openSUSE Security Update : shadow (openSUSE-2018-249)

This update for shadow fixes the following issues : - CVE-2018-7169: Fixed an privilege escalation in newgidmap, which allowed an unprivileged user to be placed in a user namespace where setgroups2 is allowed. bsc1081294 This update was imported from the SUSE:SLE-12-SP2:Update update project...

CVE-2018-7169

An issue was discovered in newgidmap, in shadow-utils, that allows an unprivileged user to be placed in a user namespace where setgroups is permitted. An attacker could use this flaw to remove himself from a supplementary group, which may allow access to certain filesystem paths, if the...

CVE-2018-7169

An issue was discovered in shadow 4.5. newgidmap in shadow-utils is setuid and allows an unprivileged user to be placed in a user namespace where setgroups2 is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if...

UBUNTU-CVE-2018-7169

An issue was discovered in shadow 4.5. newgidmap in shadow-utils is setuid and allows an unprivileged user to be placed in a user namespace where setgroups2 is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if...

DEBIAN-CVE-2018-7169

An issue was discovered in shadow 4.5. newgidmap in shadow-utils is setuid and allows an unprivileged user to be placed in a user namespace where setgroups2 is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if...