CVE-2018-6558

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-6558

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-6558.json

Aliases

GHSA-qj26-7grj-whg3
GO-2020-0027

Published

2018-08-23T19:29:01Z

Modified

2023-11-29T06:41:45.806887Z

Details

The pam_fscrypt module in fscrypt before 0.2.4 may incorrectly restore primary and supplementary group IDs to the values associated with the root user, which allows attackers to gain privileges via a successful login through certain applications that use Linux-PAM (aka pam).

References

https://github.com/google/fscrypt/commit/3022c1603d968c22f147b4a2c49c4637dd1be91b
https://github.com/google/fscrypt/commit/315f9b042237200174a1fb99427f74027e191d66
https://launchpad.net/bugs/1787548
https://github.com/google/fscrypt/issues/77

Affected packages

Git / github.com/google/fscrypt

Affected ranges

Type: GIT
Repo: https://github.com/google/fscrypt
Events: Introduced

0The exact introduced commit is unknown

Fixed

315f9b042237200174a1fb99427f74027e191d66

Fixed

3022c1603d968c22f147b4a2c49c4637dd1be91b

Affected versions

0.*

0.1.0

0.2.0

0.2.1

0.2.2

v0.*

v0.1.0

v0.2.0

v0.2.1

v0.2.2

v0.2.3