GHSA-qj26-7grj-whg3

Source

https://github.com/advisories/GHSA-qj26-7grj-whg3

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/06/GHSA-qj26-7grj-whg3/GHSA-qj26-7grj-whg3.json

Aliases

CVE-2018-6558
GO-2020-0027

Published

2021-06-23T17:18:49Z

Modified

2023-11-08T04:00:21.512630Z

Details

The pam_fscrypt module in fscrypt before 0.2.4 may incorrectly restore primary and supplementary group IDs to the values associated with the root user, which allows attackers to gain privileges via a successful login through certain applications that use Linux-PAM (aka pam).

References

https://nvd.nist.gov/vuln/detail/CVE-2018-6558
https://github.com/google/fscrypt/issues/77
https://github.com/google/fscrypt/commit/3022c1603d968c22f147b4a2c49c4637dd1be91b
https://github.com/google/fscrypt/commit/315f9b042237200174a1fb99427f74027e191d66
https://github.com/google/fscrypt
https://launchpad.net/bugs/1787548
https://pkg.go.dev/vuln/GO-2020-0027

Affected packages

Go / github.com/google/fscrypt

Package

Name: github.com/google/fscrypt

Affected ranges

Type: SEMVER
Events: Introduced

0The exact introduced commit is unknown

Fixed

0.2.4