blob: e08d07b5412be71691ef6859070f4cdb4ca979c4 [file] [log] [blame]
{
"schema_version": "1.3.1",
"id": "GO-2020-0027",
"modified": "0001-01-01T00:00:00Z",
"published": "2021-04-14T20:04:52Z",
"aliases": [
"CVE-2018-6558",
"GHSA-qj26-7grj-whg3"
],
"summary": "Privilege escalation in github.com/google/fscrypt",
"details": "After dropping and then elevating process privileges euid, guid, and groups are not properly restored to their original values, allowing an unprivileged user to gain membership in the root group.",
"affected": [
{
"package": {
"name": "github.com/google/fscrypt",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "0.2.4"
}
]
}
],
"ecosystem_specific": {
"imports": [
{
"path": "github.com/google/fscrypt/pam",
"symbols": [
"Handle.StartAsPamUser",
"Handle.StopAsPamUser",
"NewHandle"
]
},
{
"path": "github.com/google/fscrypt/security",
"symbols": [
"FindKey",
"InsertKey",
"RemoveKey",
"SetProcessPrivileges",
"UserKeyringID",
"setGids",
"setGroups",
"setUids"
]
}
]
}
}
],
"references": [
{
"type": "FIX",
"url": "https://github.com/google/fscrypt/commit/3022c1603d968c22f147b4a2c49c4637dd1be91b"
},
{
"type": "WEB",
"url": "https://github.com/google/fscrypt/issues/77"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2020-0027",
"review_status": "REVIEWED"
}
}