CVE-2018-1113 - OpenCVE

setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user's shell being listed in /etc/shells. Under some circumstances, users which had their shell changed to /sbin/nologin could still access the system.

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Enterprise Linux Setup Enterprise Linux Desktop Enterprise Linux Workstation Enterprise Linux Server
Fedoraproject	Fedora

Configuration 1 [-]

AND

cpe:2.3:a:redhat:setup:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:fedoraproject:fedora:-:::::::*
	cpe:2.3:o:redhat:enterprise_linux:-:::::::*

Configuration 2 [-]

OR	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

References

Link	Resource
https://access.redhat.com/errata/RHBA-2019:0327	Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:3249	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1113	Issue Tracking Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2018-07-02T18:00:00

Updated: 2019-04-24T05:06:03

Reserved: 2017-12-04T00:00:00

Link: CVE-2018-1113

JSON object: View

NVD Information

Status : Modified

Published: 2018-07-03T01:29:00.690

Modified: 2019-10-09T23:38:07.693

Link: CVE-2018-1113

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "setup", "vendor": "[UNKNOWN]", "versions": [{"status": "affected", "version": "setup 2.11.4-1.fc28"}]}], "datePublic": "2018-04-24T00:00:00", "descriptions": [{"lang": "en", "value": "setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user's shell being listed in /etc/shells. Under some circumstances, users which had their shell changed to /sbin/nologin could still access the system."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-285", "description": "CWE-285", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-04-24T05:06:03", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2018:3249", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:3249"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1113"}, {"name": "RHBA-2019:0327", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHBA-2019:0327"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2018-1113", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "setup", "version": {"version_data": [{"version_value": "setup 2.11.4-1.fc28"}]}}]}, "vendor_name": "[UNKNOWN]"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user's shell being listed in /etc/shells. Under some circumstances, users which had their shell changed to /sbin/nologin could still access the system."}]}, "impact": {"cvss": [[{"vectorString": "4.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.0"}]]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-285"}]}]}, "references": {"reference_data": [{"name": "RHSA-2018:3249", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3249"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1113", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1113"}, {"name": "RHBA-2019:0327", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHBA-2019:0327"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-1113", "datePublished": "2018-07-02T18:00:00", "dateReserved": "2017-12-04T00:00:00", "dateUpdated": "2019-04-24T05:06:03", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:setup:*:*:*:*:*:*:*:*", "matchCriteriaId": "446872AD-2412-41A9-BE1A-99C0CC48941A", "versionEndExcluding": "2.11.4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:-:*:*:*:*:*:*:*", "matchCriteriaId": "D3FEADDA-2AEE-4F65-9401-971B585664A8", "vulnerable": false}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:-:*:*:*:*:*:*:*", "matchCriteriaId": "3F7347E2-C2A4-4230-A1BC-F6FE93943D4F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user's shell being listed in /etc/shells. Under some circumstances, users which had their shell changed to /sbin/nologin could still access the system."}, {"lang": "es", "value": "setup en versiones anteriores a la 2.11.4-1.fc28 en Fedora y Red Hat Enterprise Linux a\u00f1ad\u00eda /sbin/nologin y /usr/sbin/nologin a /etc/shells. Esto viola las asunciones de seguridad realizadas por pam_shells y algunos demonios, lo que permite el acceso en base a que el shell de un usuario se lista en /etc/shells. En algunas circunstancias, los usuarios a los que se les haya cambiado el shell a /sbin/nologin podr\u00edan seguir siendo capaces de acceder al sistema."}], "id": "CVE-2018-1113", "lastModified": "2019-10-09T23:38:07.693", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.0"}, "exploitabilityScore": 1.3, "impactScore": 3.4, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2018-07-03T01:29:00.690", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/errata/RHBA-2019:0327"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:3249"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1113"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-285"}], "source": "secalert@redhat.com", "type": "Secondary"}]}