Security restrictions bypass in libcgroup

Published: 2018-08-08 14:32:23
Severity: Low
Patch available: YES
Number of vulnerabilities: 1
CVE ID: CVE-2018-14348
CVSSv3: 6.4 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CWE ID: CWE-264
Exploitation vector: Network
Public exploit: Not available
Vulnerable software: libcgroup
Vulnerable software versions: libcgroup -
Vendor URL: MATSUMOTO Ryosuke

Security Advisory

1) Security restrictions bypass

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.


The weakness exists because the permissions on /var/log/cgred were not restrictive enough and ignored any umask setting. A remote attacker can bypass security restrictions and conduct further attacks.
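The following C sketch is an added example, not libcgroup's code. It shows one way a daemon's log file can end up ignoring the umask (clearing the umask before fopen(), a pattern assumed here for illustration), a creation call that requests an explicit 0600 mode, and an audit check that reports mode bits the umask should have removed. All function names and the scratch path are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern (assumed for illustration): the umask is cleared before the
 * log is created, so fopen()'s default mode 0666 is applied unmasked. */
static int create_log_weak(const char *path) {
    mode_t old = umask(0);               /* discards the configured umask */
    FILE *f = fopen(path, "a");          /* new file gets mode 0666 */
    umask(old);
    if (!f) return -1;
    fclose(f);
    return 0;
}

/* Hardened pattern: request an explicit restrictive mode and leave the
 * process umask alone, so it can only remove further bits. */
static int create_log_hardened(const char *path) {
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    close(fd);
    return 0;
}

/* Audit check: permission bits set on path that the given umask should
 * have removed (0 = compliant, -1 = stat failed). */
static int excess_mode_bits(const char *path, mode_t mask) {
    struct stat st;
    if (stat(path, &st) != 0) return -1;
    return (int)(st.st_mode & 0777 & mask);
}

/* Create a log under umask 027 in a scratch directory (constructed demo
 * path, not /var/log/cgred) and return the excess bits found. */
static int demo(int hardened) {
    char dir[] = "/tmp/cgred-demo-XXXXXX", path[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(path, sizeof path, "%s/cgred.log", dir);
    mode_t old = umask(027);
    int rc = hardened ? create_log_hardened(path) : create_log_weak(path);
    int excess = rc == 0 ? excess_mode_bits(path, 027) : -1;
    umask(old);
    unlink(path); rmdir(dir);
    return excess;
}

int main(void) { printf("weak=%03o hardened=%03o\n", demo(0), demo(1)); return 0; }
```

On a deployed system, the same `excess_mode_bits` check can be pointed at the real log path with the site's configured umask to confirm the update took effect on newly created files.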

Remediation

Install the update from the vendor's website.

External links

https://sourceforge.net/p/libcg/libcg/ci/0d88b73d189ea3440ccaab00418d6469f76fa590/
