data/reports/GO-2020-0027.yaml - vulndb - Git at Google

 modules:
   - module: github.com/google/fscrypt
     versions:
       - fixed: 0.2.4
     packages:
       - package: github.com/google/fscrypt/pam
         symbols:
           - NewHandle
           - SetProcessPrivileges
           - Handle.StopAsPamUser
       - package: github.com/google/fscrypt/security
         symbols:
           - UserKeyringID
 description: |
     After dropping and then elevating process privileges euid, guid, and groups
     are not properly restored to their original values, allowing an unprivileged
     user to gain membership in the root group.
 published: 2021-04-14T20:04:52Z
 cves:
   - CVE-2018-6558
 ghsas:
   - GHSA-qj26-7grj-whg3
 references:
   - fix: https://github.com/google/fscrypt/commit/3022c1603d968c22f147b4a2c49c4637dd1be91b
   - web: https://github.com/google/fscrypt/issues/77
	modules:
	- module: github.com/google/fscrypt
	versions:
	- fixed: 0.2.4
	packages:
	- package: github.com/google/fscrypt/pam
	symbols:
	- NewHandle
	- SetProcessPrivileges
	- Handle.StopAsPamUser
	- package: github.com/google/fscrypt/security
	symbols:
	- UserKeyringID
	description: \|
	After dropping and then elevating process privileges euid, guid, and groups
	are not properly restored to their original values, allowing an unprivileged
	user to gain membership in the root group.
	published: 2021-04-14T20:04:52Z
	cves:
	- CVE-2018-6558
	ghsas:
	- GHSA-qj26-7grj-whg3
	references:
	- fix: https://github.com/google/fscrypt/commit/3022c1603d968c22f147b4a2c49c4637dd1be91b
	- web: https://github.com/google/fscrypt/issues/77