CVE-2019-15793
Mishandling of file-system uid/gid with namespaces in shiftfs
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, several locations which shift ids translate user/group ids before performing operations in the lower filesystem were translating them into init_user_ns, whereas they should have been translated into the s_user_ns for the lower filesystem. This resulted in using ids other than the intended ones in the lower fs, which likely did not map into the shifts s_user_ns. A local attacker could use this to possibly bypass discretionary access control permissions.
En shiftfs, un parche no upstream para el Kernel de Linux incluido en las series kernel de Ubuntu versiones 5.0 y 5.3, varias ubicaciones que desplazan los ids traducen los ids de usuario/grupo antes de realizar operaciones en el sistema de archivos inferior los estaban traduciendo a init_user_ns, mientras que deberían haber sido traducidos a s_user_ns para el sistema de archivos inferior. Esto dio lugar a que se utilizaran ids distintos de los previstos en los fs inferiores, que probablemente no se mapearon en los shifts s_user_ns. Un atacante local podría usar esto para posiblemente eludir los permisos de control de acceso discrecional.
Ubuntu suffers from refcount underflow and type confusion vulnerabilities in shiftfs.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-08-29 CVE Reserved
- 2019-11-13 CVE Published
- 2019-11-20 First Exploit
- 2023-03-08 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-276: Incorrect Default Permissions
- CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
https://usn.ubuntu.com/usn/usn-4183-1 | Third Party Advisory | |
https://usn.ubuntu.com/usn/usn-4184-1 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/47693 | 2019-11-20 |
URL | Date | SRC |
---|---|---|
https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/eoan/commit/?id=3644b9d5688da86f18e017c9c580b75cf52927bb | 2020-05-01 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 5.0 Search vendor "Linux" for product "Linux Kernel" and version "5.0" | - |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 5.3 Search vendor "Linux" for product "Linux Kernel" and version "5.3" | - |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 19.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "19.04" | - |
Affected
|