what you don't know can hurt you
Showing 1 - 17 of 17 RSS Feed

CVE-2018-13405

Status Candidate

Overview

The inode_init_owner function in fs/inode.c in the Linux kernel through 4.17.4 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID.

Related Files

Red Hat Security Advisory 2019-4159-01
Posted Dec 10, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-4159-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a use-after-free vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2017-1000112, CVE-2017-7184, CVE-2018-1068, CVE-2018-13405, CVE-2018-18559, CVE-2018-9568, CVE-2019-5489
MD5 | 9eac7cbde2fc8694f5268f5946636adf
Red Hat Security Advisory 2019-4164-01
Posted Dec 10, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-4164-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A memory corruption vulnerability has been addressed.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2018-13405, CVE-2018-9568, CVE-2019-5489
MD5 | e5d61f545283b1ee39d417495ff0faab
Red Hat Security Advisory 2019-2730-01
Posted Sep 11, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2730-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include null pointer and use-after-free vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2018-13405, CVE-2018-16871, CVE-2018-16884, CVE-2018-9568, CVE-2019-1125
MD5 | e1a3819582cad06bef70297a2f1f576c
Red Hat Security Advisory 2019-2696-01
Posted Sep 10, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2696-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include null pointer and use-after-free vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2018-13405, CVE-2018-16871, CVE-2018-16884, CVE-2018-9568, CVE-2019-1125
MD5 | 12bae21d208efe9e41f13378a3d676e1
Red Hat Security Advisory 2019-2566-01
Posted Aug 27, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2566-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. An issue was addressed where a missing check in fs/inode.c:inode_init_owner() did not clear SGID bit on non-directories for non-members.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2018-13405
MD5 | f04e077023b9a7942060c9c8a3c74878
Red Hat Security Advisory 2019-2476-01
Posted Aug 14, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2476-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2018-13405, CVE-2019-1125
MD5 | 8fa5c2f8e71536e6ec1b03c22b52a11e
Red Hat Security Advisory 2019-0717-01
Posted Apr 9, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0717-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a null pointer vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2018-13405
MD5 | 9317774103507939fc5267de2d62e87f
Red Hat Security Advisory 2018-3083-01
Posted Oct 31, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3083-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow, denial of service, information leakage, null pointer, and use-after-free vulnerabilities.

tags | advisory, denial of service, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2015-8830, CVE-2016-4913, CVE-2017-0861, CVE-2017-10661, CVE-2017-17805, CVE-2017-18208, CVE-2017-18232, CVE-2017-18344, CVE-2018-1000026, CVE-2018-10322, CVE-2018-10878, CVE-2018-10879, CVE-2018-10881, CVE-2018-10883, CVE-2018-10902, CVE-2018-1092, CVE-2018-1094, CVE-2018-10940, CVE-2018-1118, CVE-2018-1120, CVE-2018-1130, CVE-2018-13405, CVE-2018-5344, CVE-2018-5391, CVE-2018-5803, CVE-2018-5848, CVE-2018-7740
MD5 | a6d84db31a182b168784c89134030a6b
Red Hat Security Advisory 2018-3096-01
Posted Oct 31, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3096-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow, denial of service, information leakage, null pointer, and use-after-free vulnerabilities.

tags | advisory, denial of service, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2015-8830, CVE-2016-4913, CVE-2017-0861, CVE-2017-10661, CVE-2017-17805, CVE-2017-18208, CVE-2017-18232, CVE-2017-18344, CVE-2018-1000026, CVE-2018-10322, CVE-2018-10878, CVE-2018-10879, CVE-2018-10881, CVE-2018-10883, CVE-2018-10902, CVE-2018-1092, CVE-2018-1094, CVE-2018-10940, CVE-2018-1118, CVE-2018-1120, CVE-2018-1130, CVE-2018-13405, CVE-2018-5344, CVE-2018-5391, CVE-2018-5803, CVE-2018-5848, CVE-2018-7740
MD5 | 394199cc489bc6f17933c36959a1a58a
Kernel Live Patch Security Notice LSN-0043-1
Posted Sep 11, 2018
Authored by Benjamin M. Romer

Piotr Gabriel Kosinski and Daniel Shapira discovered a stack-based buffer overflow in the CDROM driver implementation of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Jann Horn discovered that the ext4 filesystem implementation in the Linux kernel did not properly keep xattr information consistent in some situations. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues have also been addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux
advisories | CVE-2018-11412, CVE-2018-11506, CVE-2018-12233, CVE-2018-13405, CVE-2018-13406
MD5 | 15d9cf4ac6ec9024e548bcb059849043
Ubuntu Security Notice USN-3752-3
Posted Aug 29, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3752-3 - It was discovered that, when attempting to handle an out-of-memory situation, a null pointer dereference could be triggered in the Linux kernel in some circumstances. A local attacker could use this to cause a denial of service. Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly validate meta-data information. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2018-1000200, CVE-2018-1000204, CVE-2018-10323, CVE-2018-10840, CVE-2018-10881, CVE-2018-1093, CVE-2018-1108, CVE-2018-1120, CVE-2018-11412, CVE-2018-11506, CVE-2018-12232, CVE-2018-12233, CVE-2018-12904, CVE-2018-13094, CVE-2018-13405, CVE-2018-13406, CVE-2018-5814, CVE-2018-9415
MD5 | 20c040051bfb9ac9dcc779b4d308caef
Ubuntu Security Notice USN-3753-1
Posted Aug 24, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3753-1 - It was discovered that the generic SCSI driver in the Linux kernel did not properly enforce permissions on kernel memory access. A local attacker could use this to expose sensitive information or possibly elevate privileges. Wen Xu discovered that a use-after-free vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-13168, CVE-2018-10877, CVE-2018-10879, CVE-2018-10881, CVE-2018-12233, CVE-2018-13094, CVE-2018-13405, CVE-2018-13406
MD5 | cf3741f7e3e80b17a174f1f6f5ad3137
Ubuntu Security Notice USN-3752-2
Posted Aug 24, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3752-2 - USN-3752-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. It was discovered that, when attempting to handle an out-of-memory situation, a null pointer dereference could be triggered in the Linux kernel in some circumstances. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-1000200, CVE-2018-1000204, CVE-2018-10323, CVE-2018-10840, CVE-2018-10881, CVE-2018-1093, CVE-2018-1108, CVE-2018-1120, CVE-2018-11412, CVE-2018-11506, CVE-2018-12232, CVE-2018-12233, CVE-2018-12904, CVE-2018-13094, CVE-2018-13405, CVE-2018-13406, CVE-2018-5814, CVE-2018-9415
MD5 | 91c44e956ab995ed6b9251ca5ef384c1
Ubuntu Security Notice USN-3752-1
Posted Aug 24, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3752-1 - It was discovered that, when attempting to handle an out-of-memory situation, a null pointer dereference could be triggered in the Linux kernel in some circumstances. A local attacker could use this to cause a denial of service. Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly validate meta-data information. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2018-1000200, CVE-2018-1000204, CVE-2018-10323, CVE-2018-10840, CVE-2018-10881, CVE-2018-1093, CVE-2018-1108, CVE-2018-1120, CVE-2018-11412, CVE-2018-11506, CVE-2018-12232, CVE-2018-12233, CVE-2018-12904, CVE-2018-13094, CVE-2018-13405, CVE-2018-13406, CVE-2018-5814, CVE-2018-9415
MD5 | 87777064ee88c75fe68909aa01bf4c16
Ubuntu Security Notice USN-3753-2
Posted Aug 24, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3753-2 - USN-3753-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that the generic SCSI driver in the Linux kernel did not properly enforce permissions on kernel memory access. A local attacker could use this to expose sensitive information or possibly elevate privileges. Various other issues were also addressed.

tags | advisory, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-13168, CVE-2018-10877, CVE-2018-10879, CVE-2018-10881, CVE-2018-12233, CVE-2018-13094, CVE-2018-13405, CVE-2018-13406
MD5 | 234bbf68693ec95d96dfc20c3d73c2de
Kernel Live Patch Security Notice LSN-0041-1
Posted Aug 10, 2018
Authored by Benjamin M. Romer

The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel through 4.16.12 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact because sense buffers have different sizes at the CDROM layer and the SCSI layer, as demonstrated by a CDROMREADMODE2 ioctl call. Wen Xu discovered that the ext4 file system implementation in the Linux kernel did not properly initialize the crc32c checksum driver. A local attacker could use this to cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, denial of service, overflow, kernel, local
systems | linux
advisories | CVE-2018-1094, CVE-2018-11506, CVE-2018-13094, CVE-2018-13405, CVE-2018-5390
MD5 | fc944208680854f3168be2702b530c3b
Debian Security Advisory 4266-1
Posted Aug 7, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4266-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial of service.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2018-13405, CVE-2018-5390
MD5 | fd149235f5f3d7399795b4610222711d
Page 1 of 1
Back1Next

File Archive:

December 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    22 Files
  • 2
    Dec 2nd
    33 Files
  • 3
    Dec 3rd
    16 Files
  • 4
    Dec 4th
    22 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close