Improper Preservation of Permissions

CVE-2018-6558

Medium

6.5/10

Summary

The pam_fscrypt module in fscrypt before 0.2.4 may incorrectly restore primary and supplementary group IDs to the values associated with the root user, which allows attackers to gain privileges via a successful login through certain applications that use Linux-PAM (aka pam).

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: NONE
Availability Impact: NONE

CWE-281 - Improper Preservation of Permissions

The software does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

References

Advisory
Advisory
Other
Issue
Issue
Pull request

Advisory Timeline

Published Aug 23, 2018

Improper Preservation of Permissions

CVE-2018-6558

Summary

CWE-281 - Improper Preservation of Permissions

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS