Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-1113 (GCVE-0-2018-1113)
Vulnerability from cvelistv5
URL | Tags | ||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:51:48.931Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2018:3249", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:3249" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1113" }, { "name": "RHBA-2019:0327", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHBA-2019:0327" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "setup", "vendor": "[UNKNOWN]", "versions": [ { "status": "affected", "version": "setup 2.11.4-1.fc28" } ] } ], "datePublic": "2018-04-24T00:00:00", "descriptions": [ { "lang": "en", "value": "setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user\u0027s shell being listed in /etc/shells. Under some circumstances, users which had their shell changed to /sbin/nologin could still access the system." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-285", "description": "CWE-285", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-04-24T05:06:03", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2018:3249", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:3249" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1113" }, { "name": "RHBA-2019:0327", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHBA-2019:0327" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2018-1113", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "setup", "version": { "version_data": [ { "version_value": "setup 2.11.4-1.fc28" } ] } } ] }, "vendor_name": "[UNKNOWN]" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user\u0027s shell being listed in /etc/shells. Under some circumstances, users which had their shell changed to /sbin/nologin could still access the system." } ] }, "impact": { "cvss": [ [ { "vectorString": "4.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.0" } ] ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-285" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2018:3249", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3249" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1113", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1113" }, { "name": "RHBA-2019:0327", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHBA-2019:0327" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-1113", "datePublished": "2018-07-02T18:00:00", "dateReserved": "2017-12-04T00:00:00", "dateUpdated": "2024-08-05T03:51:48.931Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2018-1113\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2018-07-03T01:29:00.690\",\"lastModified\":\"2024-11-21T03:59:12.507\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user\u0027s shell being listed in /etc/shells. Under some circumstances, users which had their shell changed to /sbin/nologin could still access the system.\"},{\"lang\":\"es\",\"value\":\"setup en versiones anteriores a la 2.11.4-1.fc28 en Fedora y Red Hat Enterprise Linux a\u00f1ad\u00eda /sbin/nologin y /usr/sbin/nologin a /etc/shells. Esto viola las asunciones de seguridad realizadas por pam_shells y algunos demonios, lo que permite el acceso en base a que el shell de un usuario se lista en /etc/shells. En algunas circunstancias, los usuarios a los que se les haya cambiado el shell a /sbin/nologin podr\u00edan seguir siendo capaces de acceder al sistema.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L\",\"baseScore\":4.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.3,\"impactScore\":3.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.8,\"impactScore\":3.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":4.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-285\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-732\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:setup:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.11.4\",\"matchCriteriaId\":\"446872AD-2412-41A9-BE1A-99C0CC48941A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3FEADDA-2AEE-4F65-9401-971B585664A8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F7347E2-C2A4-4230-A1BC-F6FE93943D4F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33C068A4-3780-4EAB-A937-6082DF847564\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51EF4996-72F4-4FA4-814F-F5991E7A8318\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHBA-2019:0327\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3249\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1113\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHBA-2019:0327\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3249\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1113\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]}]}}" } }
cnvd-2018-16694
Vulnerability from cnvd
目前厂商已发布升级补丁以修复漏洞,详情请关注厂商主页: http://getfedora.org/
Name | Red Hat Enterprise Linux <2.11.4-1.fc28 |
---|
{ "cves": { "cve": { "cveNumber": "CVE-2018-1113", "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1113" } }, "description": "Fedora\u662f\u7531Fedora\u9879\u76ee\u793e\u533a\u5f00\u53d1\u3001\u7f8e\u56fd\u7ea2\u5e3d\uff08Red Hat\uff09\u516c\u53f8\u8d5e\u52a9\u7684\u4e00\u5957\u57fa\u4e8eLinux\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Red Hat Enterprise Linux\uff08RHEL\uff09\u662f\u7f8e\u56fd\u7ea2\u5e3d\uff08Red Hat\uff09\u516c\u53f8\u7ef4\u62a4\u548c\u53d1\u5e03\u7684\u4e00\u5957\u9762\u5411\u4f01\u4e1a\u7528\u6237\u7684Linux\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nFedora\u548cRed Hat Enterprise Linux 2.11.4-1.fc28\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u5c06/sbin/nologin\u548c/usr/sbin/nologin\u6dfb\u52a0\u5230/etc/shells\u4e2d\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95ee\u7cfb\u7edf\u3002", "discovererName": "Doran Moppert", "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttp://getfedora.org/", "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e", "number": "CNVD-2018-16694", "openTime": "2018-08-28", "patchDescription": "Fedora\u662f\u7531Fedora\u9879\u76ee\u793e\u533a\u5f00\u53d1\u3001\u7f8e\u56fd\u7ea2\u5e3d\uff08Red Hat\uff09\u516c\u53f8\u8d5e\u52a9\u7684\u4e00\u5957\u57fa\u4e8eLinux\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Red Hat Enterprise Linux\uff08RHEL\uff09\u662f\u7f8e\u56fd\u7ea2\u5e3d\uff08Red Hat\uff09\u516c\u53f8\u7ef4\u62a4\u548c\u53d1\u5e03\u7684\u4e00\u5957\u9762\u5411\u4f01\u4e1a\u7528\u6237\u7684Linux\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nFedora\u548cRed Hat Enterprise Linux 2.11.4-1.fc28\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u5c06/sbin/nologin\u548c/usr/sbin/nologin\u6dfb\u52a0\u5230/etc/shells\u4e2d\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95ee\u7cfb\u7edf\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002", "patchName": "Fedora\u548cRed Hat Enterprise Linux\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e\u7684\u8865\u4e01", "products": { "product": "Red Hat Enterprise Linux \u003c2.11.4-1.fc28" }, "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-1113", "serverity": "\u4e2d", "submitTime": "2018-07-05", "title": "Fedora\u548cRed Hat Enterprise Linux\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e" }
gsd-2018-1113
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2018-1113", "description": "setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user\u0027s shell being listed in /etc/shells. Under some circumstances, users which had their shell changed to /sbin/nologin could still access the system.", "id": "GSD-2018-1113", "references": [ "https://access.redhat.com/errata/RHSA-2018:3249", "https://linux.oracle.com/cve/CVE-2018-1113.html" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2018-1113" ], "details": "setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user\u0027s shell being listed in /etc/shells. Under some circumstances, users which had their shell changed to /sbin/nologin could still access the system.", "id": "GSD-2018-1113", "modified": "2023-12-13T01:22:37.757562Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2018-1113", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "setup", "version": { "version_data": [ { "version_value": "setup 2.11.4-1.fc28" } ] } } ] }, "vendor_name": "[UNKNOWN]" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user\u0027s shell being listed in /etc/shells. Under some circumstances, users which had their shell changed to /sbin/nologin could still access the system." } ] }, "impact": { "cvss": [ [ { "vectorString": "4.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.0" } ] ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-285" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2018:3249", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3249" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1113", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1113" }, { "name": "RHBA-2019:0327", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHBA-2019:0327" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:redhat:setup:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.11.4", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2018-1113" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user\u0027s shell being listed in /etc/shells. Under some circumstances, users which had their shell changed to /sbin/nologin could still access the system." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-732" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1113", "refsource": "CONFIRM", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1113" }, { "name": "RHSA-2018:3249", "refsource": "REDHAT", "tags": [ "Vendor Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:3249" }, { "name": "RHBA-2019:0327", "refsource": "REDHAT", "tags": [ "Vendor Advisory" ], "url": "https://access.redhat.com/errata/RHBA-2019:0327" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 3.4 } }, "lastModifiedDate": "2019-10-09T23:38Z", "publishedDate": "2018-07-03T01:29Z" } } }
fkie_cve-2018-1113
Vulnerability from fkie_nvd
5.3 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
URL | Tags | ||
---|---|---|---|
secalert@redhat.com | https://access.redhat.com/errata/RHBA-2019:0327 | Vendor Advisory | |
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2018:3249 | Vendor Advisory | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1113 | Issue Tracking, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHBA-2019:0327 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:3249 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1113 | Issue Tracking, Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
redhat | setup | * | |
fedoraproject | fedora | - | |
redhat | enterprise_linux | - | |
redhat | enterprise_linux_desktop | 7.0 | |
redhat | enterprise_linux_server | 7.0 | |
redhat | enterprise_linux_workstation | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:setup:*:*:*:*:*:*:*:*", "matchCriteriaId": "446872AD-2412-41A9-BE1A-99C0CC48941A", "versionEndExcluding": "2.11.4", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:-:*:*:*:*:*:*:*", "matchCriteriaId": "D3FEADDA-2AEE-4F65-9401-971B585664A8", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:-:*:*:*:*:*:*:*", "matchCriteriaId": "3F7347E2-C2A4-4230-A1BC-F6FE93943D4F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user\u0027s shell being listed in /etc/shells. Under some circumstances, users which had their shell changed to /sbin/nologin could still access the system." }, { "lang": "es", "value": "setup en versiones anteriores a la 2.11.4-1.fc28 en Fedora y Red Hat Enterprise Linux a\u00f1ad\u00eda /sbin/nologin y /usr/sbin/nologin a /etc/shells. Esto viola las asunciones de seguridad realizadas por pam_shells y algunos demonios, lo que permite el acceso en base a que el shell de un usuario se lista en /etc/shells. En algunas circunstancias, los usuarios a los que se les haya cambiado el shell a /sbin/nologin podr\u00edan seguir siendo capaces de acceder al sistema." } ], "id": "CVE-2018-1113", "lastModified": "2024-11-21T03:59:12.507", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 1.3, "impactScore": 3.4, "source": "secalert@redhat.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-07-03T01:29:00.690", "references": [ { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "https://access.redhat.com/errata/RHBA-2019:0327" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:3249" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1113" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://access.redhat.com/errata/RHBA-2019:0327" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:3249" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1113" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-285" } ], "source": "secalert@redhat.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-732" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
rhsa-2018:3249
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Low" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for setup is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The setup package contains a set of important default system configuration and setup files. Examples include /etc/passwd, /etc/group, and /etc/profile. Other examples are the default lists of reserved user IDs, reserved ports, reserved protocols, allowed shells, allowed secure terminals.\n\nSecurity Fix(es):\n\n* setup: nologin listed in /etc/shells violates security expectations (CVE-2018-1113)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2018:3249", "url": "https://access.redhat.com/errata/RHSA-2018:3249" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#low", "url": "https://access.redhat.com/security/updates/classification/#low" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.6_release_notes/index", "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.6_release_notes/index" }, { "category": "external", "summary": "1566469", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566469" }, { "category": "external", "summary": "1571094", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571094" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_3249.json" } ], "title": "Red Hat Security Advisory: setup security and bug fix update", "tracking": { "current_release_date": "2025-10-09T18:41:48+00:00", "generator": { "date": "2025-10-09T18:41:48+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.9" } }, "id": "RHSA-2018:3249", "initial_release_date": "2018-10-30T13:28:41+00:00", "revision_history": [ { "date": "2018-10-30T13:28:41+00:00", "number": "1", "summary": "Initial version" }, { "date": "2018-10-30T13:28:41+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-10-09T18:41:48+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Client (v. 7)", "product": { "name": "Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.6", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::client" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux ComputeNode (v. 7)", "product": { "name": "Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.6", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::computenode" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server (v. 7)", "product": { "name": "Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.6", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product": { "name": "Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Workstation (v. 7)", "product": { "name": "Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.6", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::workstation" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "setup-0:2.8.71-10.el7.src", "product": { "name": "setup-0:2.8.71-10.el7.src", "product_id": "setup-0:2.8.71-10.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/setup@2.8.71-10.el7?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "setup-0:2.8.71-10.el7.noarch", "product": { "name": "setup-0:2.8.71-10.el7.noarch", "product_id": "setup-0:2.8.71-10.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/setup@2.8.71-10.el7?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "setup-0:2.8.71-10.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.6:setup-0:2.8.71-10.el7.noarch" }, "product_reference": "setup-0:2.8.71-10.el7.noarch", "relates_to_product_reference": "7Client-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "setup-0:2.8.71-10.el7.src as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.6:setup-0:2.8.71-10.el7.src" }, "product_reference": "setup-0:2.8.71-10.el7.src", "relates_to_product_reference": "7Client-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "setup-0:2.8.71-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.6:setup-0:2.8.71-10.el7.noarch" }, "product_reference": "setup-0:2.8.71-10.el7.noarch", "relates_to_product_reference": "7ComputeNode-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "setup-0:2.8.71-10.el7.src as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.6:setup-0:2.8.71-10.el7.src" }, "product_reference": "setup-0:2.8.71-10.el7.src", "relates_to_product_reference": "7ComputeNode-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "setup-0:2.8.71-10.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.6:setup-0:2.8.71-10.el7.noarch" }, "product_reference": "setup-0:2.8.71-10.el7.noarch", "relates_to_product_reference": "7Server-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "setup-0:2.8.71-10.el7.src as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.6:setup-0:2.8.71-10.el7.src" }, "product_reference": "setup-0:2.8.71-10.el7.src", "relates_to_product_reference": "7Server-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "setup-0:2.8.71-10.el7.noarch as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6:setup-0:2.8.71-10.el7.noarch" }, "product_reference": "setup-0:2.8.71-10.el7.noarch", "relates_to_product_reference": "7Server-Alt-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "setup-0:2.8.71-10.el7.src as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6:setup-0:2.8.71-10.el7.src" }, "product_reference": "setup-0:2.8.71-10.el7.src", "relates_to_product_reference": "7Server-Alt-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "setup-0:2.8.71-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.6:setup-0:2.8.71-10.el7.noarch" }, "product_reference": "setup-0:2.8.71-10.el7.noarch", "relates_to_product_reference": "7Workstation-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "setup-0:2.8.71-10.el7.src as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.6:setup-0:2.8.71-10.el7.src" }, "product_reference": "setup-0:2.8.71-10.el7.src", "relates_to_product_reference": "7Workstation-7.6" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-1113", "cwe": { "id": "CWE-285", "name": "Improper Authorization" }, "discovery_date": "2018-04-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1571094" } ], "notes": [ { "category": "description", "text": "Setup in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user\u0027s shell being listed in /etc/shells. Under some circumstances, users which had their shell changed to /sbin/nologin could still access the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "setup: nologin listed in /etc/shells violates security expectations", "title": "Vulnerability summary" }, { "category": "other", "text": "Preventing a user from accessing the system without deleting their account is not a simple matter. For utmost security, the account should be deleted. Short of this, we recommend a three-pronged approach:\n * change the user\u0027s login shell to a harmless command that is not in \"/etc/shells\" (for example \"/bin/false\") to prevent commands being run on their behalf\n * lock the user\u0027s password with \"usermod -L\" to prevent authentication with pam services\n * prevent access to the user\u0027s home directory with \"chmod 0\" or \"chown root\" and \"chmod 700\" to prevent authentication with ssh keys etc", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Client-7.6:setup-0:2.8.71-10.el7.noarch", "7Client-7.6:setup-0:2.8.71-10.el7.src", "7ComputeNode-7.6:setup-0:2.8.71-10.el7.noarch", "7ComputeNode-7.6:setup-0:2.8.71-10.el7.src", "7Server-7.6:setup-0:2.8.71-10.el7.noarch", "7Server-7.6:setup-0:2.8.71-10.el7.src", "7Server-Alt-7.6:setup-0:2.8.71-10.el7.noarch", "7Server-Alt-7.6:setup-0:2.8.71-10.el7.src", "7Workstation-7.6:setup-0:2.8.71-10.el7.noarch", "7Workstation-7.6:setup-0:2.8.71-10.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-1113" }, { "category": "external", "summary": "RHBZ#1571094", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571094" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1113", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1113" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1113", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1113" } ], "release_date": "2018-04-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-10-30T13:28:41+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Client-7.6:setup-0:2.8.71-10.el7.noarch", "7Client-7.6:setup-0:2.8.71-10.el7.src", "7ComputeNode-7.6:setup-0:2.8.71-10.el7.noarch", "7ComputeNode-7.6:setup-0:2.8.71-10.el7.src", "7Server-7.6:setup-0:2.8.71-10.el7.noarch", "7Server-7.6:setup-0:2.8.71-10.el7.src", "7Server-Alt-7.6:setup-0:2.8.71-10.el7.noarch", "7Server-Alt-7.6:setup-0:2.8.71-10.el7.src", "7Workstation-7.6:setup-0:2.8.71-10.el7.noarch", "7Workstation-7.6:setup-0:2.8.71-10.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:3249" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "7Client-7.6:setup-0:2.8.71-10.el7.noarch", "7Client-7.6:setup-0:2.8.71-10.el7.src", "7ComputeNode-7.6:setup-0:2.8.71-10.el7.noarch", "7ComputeNode-7.6:setup-0:2.8.71-10.el7.src", "7Server-7.6:setup-0:2.8.71-10.el7.noarch", "7Server-7.6:setup-0:2.8.71-10.el7.src", "7Server-Alt-7.6:setup-0:2.8.71-10.el7.noarch", "7Server-Alt-7.6:setup-0:2.8.71-10.el7.src", "7Workstation-7.6:setup-0:2.8.71-10.el7.noarch", "7Workstation-7.6:setup-0:2.8.71-10.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "setup: nologin listed in /etc/shells violates security expectations" } ] }
rhsa-2018_3249
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Low" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for setup is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The setup package contains a set of important default system configuration and setup files. Examples include /etc/passwd, /etc/group, and /etc/profile. Other examples are the default lists of reserved user IDs, reserved ports, reserved protocols, allowed shells, allowed secure terminals.\n\nSecurity Fix(es):\n\n* setup: nologin listed in /etc/shells violates security expectations (CVE-2018-1113)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2018:3249", "url": "https://access.redhat.com/errata/RHSA-2018:3249" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#low", "url": "https://access.redhat.com/security/updates/classification/#low" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.6_release_notes/index", "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.6_release_notes/index" }, { "category": "external", "summary": "1566469", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566469" }, { "category": "external", "summary": "1571094", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571094" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_3249.json" } ], "title": "Red Hat Security Advisory: setup security and bug fix update", "tracking": { "current_release_date": "2024-11-22T12:08:10+00:00", "generator": { "date": "2024-11-22T12:08:10+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2018:3249", "initial_release_date": "2018-10-30T13:28:41+00:00", "revision_history": [ { "date": "2018-10-30T13:28:41+00:00", "number": "1", "summary": "Initial version" }, { "date": "2018-10-30T13:28:41+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T12:08:10+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Client (v. 7)", "product": { "name": "Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.6", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::client" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux ComputeNode (v. 7)", "product": { "name": "Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.6", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::computenode" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server (v. 7)", "product": { "name": "Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.6", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product": { "name": "Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Workstation (v. 7)", "product": { "name": "Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.6", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::workstation" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "setup-0:2.8.71-10.el7.src", "product": { "name": "setup-0:2.8.71-10.el7.src", "product_id": "setup-0:2.8.71-10.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/setup@2.8.71-10.el7?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "setup-0:2.8.71-10.el7.noarch", "product": { "name": "setup-0:2.8.71-10.el7.noarch", "product_id": "setup-0:2.8.71-10.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/setup@2.8.71-10.el7?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "setup-0:2.8.71-10.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.6:setup-0:2.8.71-10.el7.noarch" }, "product_reference": "setup-0:2.8.71-10.el7.noarch", "relates_to_product_reference": "7Client-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "setup-0:2.8.71-10.el7.src as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.6:setup-0:2.8.71-10.el7.src" }, "product_reference": "setup-0:2.8.71-10.el7.src", "relates_to_product_reference": "7Client-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "setup-0:2.8.71-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.6:setup-0:2.8.71-10.el7.noarch" }, "product_reference": "setup-0:2.8.71-10.el7.noarch", "relates_to_product_reference": "7ComputeNode-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "setup-0:2.8.71-10.el7.src as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.6:setup-0:2.8.71-10.el7.src" }, "product_reference": "setup-0:2.8.71-10.el7.src", "relates_to_product_reference": "7ComputeNode-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "setup-0:2.8.71-10.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.6:setup-0:2.8.71-10.el7.noarch" }, "product_reference": "setup-0:2.8.71-10.el7.noarch", "relates_to_product_reference": "7Server-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "setup-0:2.8.71-10.el7.src as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.6:setup-0:2.8.71-10.el7.src" }, "product_reference": "setup-0:2.8.71-10.el7.src", "relates_to_product_reference": "7Server-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "setup-0:2.8.71-10.el7.noarch as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6:setup-0:2.8.71-10.el7.noarch" }, "product_reference": "setup-0:2.8.71-10.el7.noarch", "relates_to_product_reference": "7Server-Alt-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "setup-0:2.8.71-10.el7.src as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6:setup-0:2.8.71-10.el7.src" }, "product_reference": "setup-0:2.8.71-10.el7.src", "relates_to_product_reference": "7Server-Alt-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "setup-0:2.8.71-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.6:setup-0:2.8.71-10.el7.noarch" }, "product_reference": "setup-0:2.8.71-10.el7.noarch", "relates_to_product_reference": "7Workstation-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "setup-0:2.8.71-10.el7.src as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.6:setup-0:2.8.71-10.el7.src" }, "product_reference": "setup-0:2.8.71-10.el7.src", "relates_to_product_reference": "7Workstation-7.6" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-1113", "cwe": { "id": "CWE-285", "name": "Improper Authorization" }, "discovery_date": "2018-04-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1571094" } ], "notes": [ { "category": "description", "text": "Setup in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user\u0027s shell being listed in /etc/shells. Under some circumstances, users which had their shell changed to /sbin/nologin could still access the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "setup: nologin listed in /etc/shells violates security expectations", "title": "Vulnerability summary" }, { "category": "other", "text": "Preventing a user from accessing the system without deleting their account is not a simple matter. For utmost security, the account should be deleted. Short of this, we recommend a three-pronged approach:\n * change the user\u0027s login shell to a harmless command that is not in \"/etc/shells\" (for example \"/bin/false\") to prevent commands being run on their behalf\n * lock the user\u0027s password with \"usermod -L\" to prevent authentication with pam services\n * prevent access to the user\u0027s home directory with \"chmod 0\" or \"chown root\" and \"chmod 700\" to prevent authentication with ssh keys etc", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Client-7.6:setup-0:2.8.71-10.el7.noarch", "7Client-7.6:setup-0:2.8.71-10.el7.src", "7ComputeNode-7.6:setup-0:2.8.71-10.el7.noarch", "7ComputeNode-7.6:setup-0:2.8.71-10.el7.src", "7Server-7.6:setup-0:2.8.71-10.el7.noarch", "7Server-7.6:setup-0:2.8.71-10.el7.src", "7Server-Alt-7.6:setup-0:2.8.71-10.el7.noarch", "7Server-Alt-7.6:setup-0:2.8.71-10.el7.src", "7Workstation-7.6:setup-0:2.8.71-10.el7.noarch", "7Workstation-7.6:setup-0:2.8.71-10.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-1113" }, { "category": "external", "summary": "RHBZ#1571094", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571094" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1113", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1113" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1113", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1113" } ], "release_date": "2018-04-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-10-30T13:28:41+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Client-7.6:setup-0:2.8.71-10.el7.noarch", "7Client-7.6:setup-0:2.8.71-10.el7.src", "7ComputeNode-7.6:setup-0:2.8.71-10.el7.noarch", "7ComputeNode-7.6:setup-0:2.8.71-10.el7.src", "7Server-7.6:setup-0:2.8.71-10.el7.noarch", "7Server-7.6:setup-0:2.8.71-10.el7.src", "7Server-Alt-7.6:setup-0:2.8.71-10.el7.noarch", "7Server-Alt-7.6:setup-0:2.8.71-10.el7.src", "7Workstation-7.6:setup-0:2.8.71-10.el7.noarch", "7Workstation-7.6:setup-0:2.8.71-10.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:3249" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "7Client-7.6:setup-0:2.8.71-10.el7.noarch", "7Client-7.6:setup-0:2.8.71-10.el7.src", "7ComputeNode-7.6:setup-0:2.8.71-10.el7.noarch", "7ComputeNode-7.6:setup-0:2.8.71-10.el7.src", "7Server-7.6:setup-0:2.8.71-10.el7.noarch", "7Server-7.6:setup-0:2.8.71-10.el7.src", "7Server-Alt-7.6:setup-0:2.8.71-10.el7.noarch", "7Server-Alt-7.6:setup-0:2.8.71-10.el7.src", "7Workstation-7.6:setup-0:2.8.71-10.el7.noarch", "7Workstation-7.6:setup-0:2.8.71-10.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "setup: nologin listed in /etc/shells violates security expectations" } ] }
RHSA-2018:3249
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Low" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for setup is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The setup package contains a set of important default system configuration and setup files. Examples include /etc/passwd, /etc/group, and /etc/profile. Other examples are the default lists of reserved user IDs, reserved ports, reserved protocols, allowed shells, allowed secure terminals.\n\nSecurity Fix(es):\n\n* setup: nologin listed in /etc/shells violates security expectations (CVE-2018-1113)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2018:3249", "url": "https://access.redhat.com/errata/RHSA-2018:3249" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#low", "url": "https://access.redhat.com/security/updates/classification/#low" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.6_release_notes/index", "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.6_release_notes/index" }, { "category": "external", "summary": "1566469", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566469" }, { "category": "external", "summary": "1571094", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571094" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_3249.json" } ], "title": "Red Hat Security Advisory: setup security and bug fix update", "tracking": { "current_release_date": "2025-10-09T18:41:48+00:00", "generator": { "date": "2025-10-09T18:41:48+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.9" } }, "id": "RHSA-2018:3249", "initial_release_date": "2018-10-30T13:28:41+00:00", "revision_history": [ { "date": "2018-10-30T13:28:41+00:00", "number": "1", "summary": "Initial version" }, { "date": "2018-10-30T13:28:41+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-10-09T18:41:48+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Client (v. 7)", "product": { "name": "Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.6", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::client" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux ComputeNode (v. 7)", "product": { "name": "Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.6", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::computenode" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server (v. 7)", "product": { "name": "Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.6", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product": { "name": "Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Workstation (v. 7)", "product": { "name": "Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.6", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::workstation" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "setup-0:2.8.71-10.el7.src", "product": { "name": "setup-0:2.8.71-10.el7.src", "product_id": "setup-0:2.8.71-10.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/setup@2.8.71-10.el7?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "setup-0:2.8.71-10.el7.noarch", "product": { "name": "setup-0:2.8.71-10.el7.noarch", "product_id": "setup-0:2.8.71-10.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/setup@2.8.71-10.el7?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "setup-0:2.8.71-10.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.6:setup-0:2.8.71-10.el7.noarch" }, "product_reference": "setup-0:2.8.71-10.el7.noarch", "relates_to_product_reference": "7Client-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "setup-0:2.8.71-10.el7.src as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.6:setup-0:2.8.71-10.el7.src" }, "product_reference": "setup-0:2.8.71-10.el7.src", "relates_to_product_reference": "7Client-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "setup-0:2.8.71-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.6:setup-0:2.8.71-10.el7.noarch" }, "product_reference": "setup-0:2.8.71-10.el7.noarch", "relates_to_product_reference": "7ComputeNode-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "setup-0:2.8.71-10.el7.src as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.6:setup-0:2.8.71-10.el7.src" }, "product_reference": "setup-0:2.8.71-10.el7.src", "relates_to_product_reference": "7ComputeNode-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "setup-0:2.8.71-10.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.6:setup-0:2.8.71-10.el7.noarch" }, "product_reference": "setup-0:2.8.71-10.el7.noarch", "relates_to_product_reference": "7Server-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "setup-0:2.8.71-10.el7.src as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.6:setup-0:2.8.71-10.el7.src" }, "product_reference": "setup-0:2.8.71-10.el7.src", "relates_to_product_reference": "7Server-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "setup-0:2.8.71-10.el7.noarch as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6:setup-0:2.8.71-10.el7.noarch" }, "product_reference": "setup-0:2.8.71-10.el7.noarch", "relates_to_product_reference": "7Server-Alt-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "setup-0:2.8.71-10.el7.src as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6:setup-0:2.8.71-10.el7.src" }, "product_reference": "setup-0:2.8.71-10.el7.src", "relates_to_product_reference": "7Server-Alt-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "setup-0:2.8.71-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.6:setup-0:2.8.71-10.el7.noarch" }, "product_reference": "setup-0:2.8.71-10.el7.noarch", "relates_to_product_reference": "7Workstation-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "setup-0:2.8.71-10.el7.src as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.6:setup-0:2.8.71-10.el7.src" }, "product_reference": "setup-0:2.8.71-10.el7.src", "relates_to_product_reference": "7Workstation-7.6" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-1113", "cwe": { "id": "CWE-285", "name": "Improper Authorization" }, "discovery_date": "2018-04-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1571094" } ], "notes": [ { "category": "description", "text": "Setup in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user\u0027s shell being listed in /etc/shells. Under some circumstances, users which had their shell changed to /sbin/nologin could still access the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "setup: nologin listed in /etc/shells violates security expectations", "title": "Vulnerability summary" }, { "category": "other", "text": "Preventing a user from accessing the system without deleting their account is not a simple matter. For utmost security, the account should be deleted. Short of this, we recommend a three-pronged approach:\n * change the user\u0027s login shell to a harmless command that is not in \"/etc/shells\" (for example \"/bin/false\") to prevent commands being run on their behalf\n * lock the user\u0027s password with \"usermod -L\" to prevent authentication with pam services\n * prevent access to the user\u0027s home directory with \"chmod 0\" or \"chown root\" and \"chmod 700\" to prevent authentication with ssh keys etc", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Client-7.6:setup-0:2.8.71-10.el7.noarch", "7Client-7.6:setup-0:2.8.71-10.el7.src", "7ComputeNode-7.6:setup-0:2.8.71-10.el7.noarch", "7ComputeNode-7.6:setup-0:2.8.71-10.el7.src", "7Server-7.6:setup-0:2.8.71-10.el7.noarch", "7Server-7.6:setup-0:2.8.71-10.el7.src", "7Server-Alt-7.6:setup-0:2.8.71-10.el7.noarch", "7Server-Alt-7.6:setup-0:2.8.71-10.el7.src", "7Workstation-7.6:setup-0:2.8.71-10.el7.noarch", "7Workstation-7.6:setup-0:2.8.71-10.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-1113" }, { "category": "external", "summary": "RHBZ#1571094", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571094" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1113", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1113" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1113", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1113" } ], "release_date": "2018-04-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-10-30T13:28:41+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Client-7.6:setup-0:2.8.71-10.el7.noarch", "7Client-7.6:setup-0:2.8.71-10.el7.src", "7ComputeNode-7.6:setup-0:2.8.71-10.el7.noarch", "7ComputeNode-7.6:setup-0:2.8.71-10.el7.src", "7Server-7.6:setup-0:2.8.71-10.el7.noarch", "7Server-7.6:setup-0:2.8.71-10.el7.src", "7Server-Alt-7.6:setup-0:2.8.71-10.el7.noarch", "7Server-Alt-7.6:setup-0:2.8.71-10.el7.src", "7Workstation-7.6:setup-0:2.8.71-10.el7.noarch", "7Workstation-7.6:setup-0:2.8.71-10.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:3249" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "7Client-7.6:setup-0:2.8.71-10.el7.noarch", "7Client-7.6:setup-0:2.8.71-10.el7.src", "7ComputeNode-7.6:setup-0:2.8.71-10.el7.noarch", "7ComputeNode-7.6:setup-0:2.8.71-10.el7.src", "7Server-7.6:setup-0:2.8.71-10.el7.noarch", "7Server-7.6:setup-0:2.8.71-10.el7.src", "7Server-Alt-7.6:setup-0:2.8.71-10.el7.noarch", "7Server-Alt-7.6:setup-0:2.8.71-10.el7.src", "7Workstation-7.6:setup-0:2.8.71-10.el7.noarch", "7Workstation-7.6:setup-0:2.8.71-10.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "setup: nologin listed in /etc/shells violates security expectations" } ] }
CERTFR-2022-AVI-267
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Juniper Networks Junos Space. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneVendor | Product | Description | ||
---|---|---|---|---|
Juniper Networks | Junos Space | Juniper Networks Junos Space versions antérieures à 21.1R1 |
Title | Publication Time | Tags | |||
---|---|---|---|---|---|
|
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Juniper Networks Junos Space versions ant\u00e9rieures \u00e0 21.1R1", "product": { "name": "Junos Space", "vendor": { "name": "Juniper Networks", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2017-13078", "url": "https://www.cve.org/CVERecord?id=CVE-2017-13078" }, { "name": "CVE-2017-13077", "url": "https://www.cve.org/CVERecord?id=CVE-2017-13077" }, { "name": "CVE-2017-13080", "url": "https://www.cve.org/CVERecord?id=CVE-2017-13080" }, { "name": "CVE-2017-13082", "url": "https://www.cve.org/CVERecord?id=CVE-2017-13082" }, { "name": "CVE-2017-13088", "url": "https://www.cve.org/CVERecord?id=CVE-2017-13088" }, { "name": "CVE-2017-13086", "url": "https://www.cve.org/CVERecord?id=CVE-2017-13086" }, { "name": "CVE-2017-13087", "url": "https://www.cve.org/CVERecord?id=CVE-2017-13087" }, { "name": "CVE-2017-5715", "url": "https://www.cve.org/CVERecord?id=CVE-2017-5715" }, { "name": "CVE-2018-3639", "url": "https://www.cve.org/CVERecord?id=CVE-2018-3639" }, { "name": "CVE-2007-1351", "url": "https://www.cve.org/CVERecord?id=CVE-2007-1351" }, { "name": "CVE-2007-1352", "url": "https://www.cve.org/CVERecord?id=CVE-2007-1352" }, { "name": "CVE-2007-6284", "url": "https://www.cve.org/CVERecord?id=CVE-2007-6284" }, { "name": "CVE-2008-2935", "url": "https://www.cve.org/CVERecord?id=CVE-2008-2935" }, { "name": "CVE-2008-3281", "url": "https://www.cve.org/CVERecord?id=CVE-2008-3281" }, { "name": "CVE-2008-3529", "url": "https://www.cve.org/CVERecord?id=CVE-2008-3529" }, { "name": "CVE-2008-4226", "url": "https://www.cve.org/CVERecord?id=CVE-2008-4226" }, { "name": "CVE-2008-4225", "url": "https://www.cve.org/CVERecord?id=CVE-2008-4225" }, { "name": "CVE-2009-2414", "url": "https://www.cve.org/CVERecord?id=CVE-2009-2414" }, { "name": "CVE-2009-2416", "url": "https://www.cve.org/CVERecord?id=CVE-2009-2416" }, { "name": "CVE-2008-5161", "url": "https://www.cve.org/CVERecord?id=CVE-2008-5161" }, { "name": "CVE-2010-4008", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4008" }, { "name": "CVE-2011-0411", "url": "https://www.cve.org/CVERecord?id=CVE-2011-0411" }, { "name": "CVE-2011-1720", "url": "https://www.cve.org/CVERecord?id=CVE-2011-1720" }, { "name": "CVE-2011-0216", "url": "https://www.cve.org/CVERecord?id=CVE-2011-0216" }, { "name": "CVE-2011-2834", "url": "https://www.cve.org/CVERecord?id=CVE-2011-2834" }, { "name": "CVE-2011-2895", "url": "https://www.cve.org/CVERecord?id=CVE-2011-2895" }, { "name": "CVE-2011-3905", "url": "https://www.cve.org/CVERecord?id=CVE-2011-3905" }, { "name": "CVE-2011-3919", "url": "https://www.cve.org/CVERecord?id=CVE-2011-3919" }, { "name": "CVE-2012-0841", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0841" }, { "name": "CVE-2011-1944", "url": "https://www.cve.org/CVERecord?id=CVE-2011-1944" }, { "name": "CVE-2012-2807", "url": "https://www.cve.org/CVERecord?id=CVE-2012-2807" }, { "name": "CVE-2012-2870", "url": "https://www.cve.org/CVERecord?id=CVE-2012-2870" }, { "name": "CVE-2012-5134", "url": "https://www.cve.org/CVERecord?id=CVE-2012-5134" }, { "name": "CVE-2011-3102", "url": "https://www.cve.org/CVERecord?id=CVE-2011-3102" }, { "name": "CVE-2013-2877", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2877" }, { "name": "CVE-2013-0338", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0338" }, { "name": "CVE-2012-6139", "url": "https://www.cve.org/CVERecord?id=CVE-2012-6139" }, { "name": "CVE-2013-2566", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2566" }, { "name": "CVE-2013-6462", "url": "https://www.cve.org/CVERecord?id=CVE-2013-6462" }, { "name": "CVE-2014-0211", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0211" }, { "name": "CVE-2014-3660", "url": "https://www.cve.org/CVERecord?id=CVE-2014-3660" }, { "name": "CVE-2015-1803", "url": "https://www.cve.org/CVERecord?id=CVE-2015-1803" }, { "name": "CVE-2015-1804", "url": "https://www.cve.org/CVERecord?id=CVE-2015-1804" }, { "name": "CVE-2015-1802", "url": "https://www.cve.org/CVERecord?id=CVE-2015-1802" }, { "name": "CVE-2015-2716", "url": "https://www.cve.org/CVERecord?id=CVE-2015-2716" }, { "name": "CVE-2015-5352", "url": "https://www.cve.org/CVERecord?id=CVE-2015-5352" }, { "name": "CVE-2015-2808", "url": "https://www.cve.org/CVERecord?id=CVE-2015-2808" }, { "name": "CVE-2014-8991", "url": "https://www.cve.org/CVERecord?id=CVE-2014-8991" }, { "name": "CVE-2014-7185", "url": "https://www.cve.org/CVERecord?id=CVE-2014-7185" }, { "name": "CVE-2014-9365", "url": "https://www.cve.org/CVERecord?id=CVE-2014-9365" }, { "name": "CVE-2015-6838", "url": "https://www.cve.org/CVERecord?id=CVE-2015-6838" }, { "name": "CVE-2015-6837", "url": "https://www.cve.org/CVERecord?id=CVE-2015-6837" }, { "name": "CVE-2015-7995", "url": "https://www.cve.org/CVERecord?id=CVE-2015-7995" }, { "name": "CVE-2015-8035", "url": "https://www.cve.org/CVERecord?id=CVE-2015-8035" }, { "name": "CVE-2015-7499", "url": "https://www.cve.org/CVERecord?id=CVE-2015-7499" }, { "name": "CVE-2015-8242", "url": "https://www.cve.org/CVERecord?id=CVE-2015-8242" }, { "name": "CVE-2015-7500", "url": "https://www.cve.org/CVERecord?id=CVE-2015-7500" }, { "name": "CVE-2016-1762", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1762" }, { "name": "CVE-2015-5312", "url": "https://www.cve.org/CVERecord?id=CVE-2015-5312" }, { "name": "CVE-2016-1839", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1839" }, { "name": "CVE-2016-1833", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1833" }, { "name": "CVE-2016-1837", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1837" }, { "name": "CVE-2016-1834", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1834" }, { "name": "CVE-2016-1840", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1840" }, { "name": "CVE-2016-1836", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1836" }, { "name": "CVE-2016-1838", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1838" }, { "name": "CVE-2016-1684", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1684" }, { "name": "CVE-2016-1683", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1683" }, { "name": "CVE-2016-4448", "url": "https://www.cve.org/CVERecord?id=CVE-2016-4448" }, { "name": "CVE-2016-4447", "url": "https://www.cve.org/CVERecord?id=CVE-2016-4447" }, { "name": "CVE-2016-4449", "url": "https://www.cve.org/CVERecord?id=CVE-2016-4449" }, { "name": "CVE-2016-5131", "url": "https://www.cve.org/CVERecord?id=CVE-2016-5131" }, { "name": "CVE-2015-0975", "url": "https://www.cve.org/CVERecord?id=CVE-2015-0975" }, { "name": "CVE-2016-4658", "url": "https://www.cve.org/CVERecord?id=CVE-2016-4658" }, { "name": "CVE-2016-2183", "url": "https://www.cve.org/CVERecord?id=CVE-2016-2183" }, { "name": "CVE-2016-3627", "url": "https://www.cve.org/CVERecord?id=CVE-2016-3627" }, { "name": "CVE-2016-3115", "url": "https://www.cve.org/CVERecord?id=CVE-2016-3115" }, { "name": "CVE-2016-5636", "url": "https://www.cve.org/CVERecord?id=CVE-2016-5636" }, { "name": "CVE-2017-7375", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7375" }, { "name": "CVE-2017-7376", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7376" }, { "name": "CVE-2017-7773", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7773" }, { "name": "CVE-2017-7772", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7772" }, { "name": "CVE-2017-7778", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7778" }, { "name": "CVE-2017-7771", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7771" }, { "name": "CVE-2017-7774", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7774" }, { "name": "CVE-2017-7776", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7776" }, { "name": "CVE-2017-7777", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7777" }, { "name": "CVE-2017-7775", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7775" }, { "name": "CVE-2017-6463", "url": "https://www.cve.org/CVERecord?id=CVE-2017-6463" }, { "name": "CVE-2017-6462", "url": "https://www.cve.org/CVERecord?id=CVE-2017-6462" }, { "name": "CVE-2017-6464", "url": "https://www.cve.org/CVERecord?id=CVE-2017-6464" }, { "name": "CVE-2017-14492", "url": "https://www.cve.org/CVERecord?id=CVE-2017-14492" }, { "name": "CVE-2017-14496", "url": "https://www.cve.org/CVERecord?id=CVE-2017-14496" }, { "name": "CVE-2017-14491", "url": "https://www.cve.org/CVERecord?id=CVE-2017-14491" }, { "name": "CVE-2017-14493", "url": "https://www.cve.org/CVERecord?id=CVE-2017-14493" }, { "name": "CVE-2017-14494", "url": "https://www.cve.org/CVERecord?id=CVE-2017-14494" }, { "name": "CVE-2017-14495", "url": "https://www.cve.org/CVERecord?id=CVE-2017-14495" }, { "name": "CVE-2017-5130", "url": "https://www.cve.org/CVERecord?id=CVE-2017-5130" }, { "name": "CVE-2017-3736", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3736" }, { "name": "CVE-2017-3735", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3735" }, { "name": "CVE-2017-15412", "url": "https://www.cve.org/CVERecord?id=CVE-2017-15412" }, { "name": "CVE-2017-3738", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3738" }, { "name": "CVE-2017-3737", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3737" }, { "name": "CVE-2017-17807", "url": "https://www.cve.org/CVERecord?id=CVE-2017-17807" }, { "name": "CVE-2018-0739", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0739" }, { "name": "CVE-2017-16931", "url": "https://www.cve.org/CVERecord?id=CVE-2017-16931" }, { "name": "CVE-2018-11214", "url": "https://www.cve.org/CVERecord?id=CVE-2018-11214" }, { "name": "CVE-2015-9019", "url": "https://www.cve.org/CVERecord?id=CVE-2015-9019" }, { "name": "CVE-2017-18258", "url": "https://www.cve.org/CVERecord?id=CVE-2017-18258" }, { "name": "CVE-2017-16932", "url": "https://www.cve.org/CVERecord?id=CVE-2017-16932" }, { "name": "CVE-2016-9318", "url": "https://www.cve.org/CVERecord?id=CVE-2016-9318" }, { "name": "CVE-2018-1000120", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000120" }, { "name": "CVE-2018-1000007", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000007" }, { "name": "CVE-2018-1000121", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000121" }, { "name": "CVE-2018-1000122", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000122" }, { "name": "CVE-2018-0732", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0732" }, { "name": "CVE-2018-6914", "url": "https://www.cve.org/CVERecord?id=CVE-2018-6914" }, { "name": "CVE-2017-0898", "url": "https://www.cve.org/CVERecord?id=CVE-2017-0898" }, { "name": "CVE-2018-8778", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8778" }, { "name": "CVE-2017-14033", "url": "https://www.cve.org/CVERecord?id=CVE-2017-14033" }, { "name": "CVE-2018-8780", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8780" }, { "name": "CVE-2017-17742", "url": "https://www.cve.org/CVERecord?id=CVE-2017-17742" }, { "name": "CVE-2017-10784", "url": "https://www.cve.org/CVERecord?id=CVE-2017-10784" }, { "name": "CVE-2017-17405", "url": "https://www.cve.org/CVERecord?id=CVE-2017-17405" }, { "name": "CVE-2018-8779", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8779" }, { "name": "CVE-2017-14064", "url": "https://www.cve.org/CVERecord?id=CVE-2017-14064" }, { "name": "CVE-2018-8777", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8777" }, { "name": "CVE-2018-16395", "url": "https://www.cve.org/CVERecord?id=CVE-2018-16395" }, { "name": "CVE-2018-0737", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0737" }, { "name": "CVE-2018-16396", "url": "https://www.cve.org/CVERecord?id=CVE-2018-16396" }, { "name": "CVE-2018-0495", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0495" }, { "name": "CVE-2018-0734", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0734" }, { "name": "CVE-2018-5407", "url": "https://www.cve.org/CVERecord?id=CVE-2018-5407" }, { "name": "CVE-2018-1126", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1126" }, { "name": "CVE-2018-7858", "url": "https://www.cve.org/CVERecord?id=CVE-2018-7858" }, { "name": "CVE-2018-1124", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1124" }, { "name": "CVE-2018-10897", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10897" }, { "name": "CVE-2018-1064", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1064" }, { "name": "CVE-2018-5683", "url": "https://www.cve.org/CVERecord?id=CVE-2018-5683" }, { "name": "CVE-2017-13672", "url": "https://www.cve.org/CVERecord?id=CVE-2017-13672" }, { "name": "CVE-2018-11212", "url": "https://www.cve.org/CVERecord?id=CVE-2018-11212" }, { "name": "CVE-2017-18267", "url": "https://www.cve.org/CVERecord?id=CVE-2017-18267" }, { "name": "CVE-2018-13988", "url": "https://www.cve.org/CVERecord?id=CVE-2018-13988" }, { "name": "CVE-2018-20169", "url": "https://www.cve.org/CVERecord?id=CVE-2018-20169" }, { "name": "CVE-2018-19985", "url": "https://www.cve.org/CVERecord?id=CVE-2018-19985" }, { "name": "CVE-2019-1559", "url": "https://www.cve.org/CVERecord?id=CVE-2019-1559" }, { "name": "CVE-2019-6133", "url": "https://www.cve.org/CVERecord?id=CVE-2019-6133" }, { "name": "CVE-2018-18311", "url": "https://www.cve.org/CVERecord?id=CVE-2018-18311" }, { "name": "CVE-2018-12127", "url": "https://www.cve.org/CVERecord?id=CVE-2018-12127" }, { "name": "CVE-2018-12130", "url": "https://www.cve.org/CVERecord?id=CVE-2018-12130" }, { "name": "CVE-2019-11091", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11091" }, { "name": "CVE-2018-12126", "url": "https://www.cve.org/CVERecord?id=CVE-2018-12126" }, { "name": "CVE-2019-9503", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9503" }, { "name": "CVE-2019-10132", "url": "https://www.cve.org/CVERecord?id=CVE-2019-10132" }, { "name": "CVE-2019-11190", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11190" }, { "name": "CVE-2019-11884", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11884" }, { "name": "CVE-2019-11487", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11487" }, { "name": "CVE-2019-12382", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12382" }, { "name": "CVE-2018-7191", "url": "https://www.cve.org/CVERecord?id=CVE-2018-7191" }, { "name": "CVE-2019-5953", "url": "https://www.cve.org/CVERecord?id=CVE-2019-5953" }, { "name": "CVE-2019-12614", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12614" }, { "name": "CVE-2019-11729", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11729" }, { "name": "CVE-2019-11727", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11727" }, { "name": "CVE-2019-11719", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11719" }, { "name": "CVE-2018-1060", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1060" }, { "name": "CVE-2018-12327", "url": "https://www.cve.org/CVERecord?id=CVE-2018-12327" }, { "name": "CVE-2018-1061", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1061" }, { "name": "CVE-2019-10639", "url": "https://www.cve.org/CVERecord?id=CVE-2019-10639" }, { "name": "CVE-2019-10638", "url": "https://www.cve.org/CVERecord?id=CVE-2019-10638" }, { "name": "CVE-2018-20836", "url": "https://www.cve.org/CVERecord?id=CVE-2018-20836" }, { "name": "CVE-2019-13233", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13233" }, { "name": "CVE-2019-14283", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14283" }, { "name": "CVE-2019-13648", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13648" }, { "name": "CVE-2019-10207", "url": "https://www.cve.org/CVERecord?id=CVE-2019-10207" }, { "name": "CVE-2015-9289", "url": "https://www.cve.org/CVERecord?id=CVE-2015-9289" }, { "name": "CVE-2019-14816", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14816" }, { "name": "CVE-2019-15239", "url": "https://www.cve.org/CVERecord?id=CVE-2019-15239" }, { "name": "CVE-2019-15917", "url": "https://www.cve.org/CVERecord?id=CVE-2019-15917" }, { "name": "CVE-2017-18551", "url": "https://www.cve.org/CVERecord?id=CVE-2017-18551" }, { "name": "CVE-2019-15217", "url": "https://www.cve.org/CVERecord?id=CVE-2019-15217" }, { "name": "CVE-2019-14821", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14821" }, { "name": "CVE-2019-11068", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11068" }, { "name": "CVE-2018-18066", "url": "https://www.cve.org/CVERecord?id=CVE-2018-18066" }, { "name": "CVE-2019-15903", "url": "https://www.cve.org/CVERecord?id=CVE-2019-15903" }, { "name": "CVE-2019-17666", "url": "https://www.cve.org/CVERecord?id=CVE-2019-17666" }, { "name": "CVE-2019-17133", "url": "https://www.cve.org/CVERecord?id=CVE-2019-17133" }, { "name": "CVE-2018-12207", "url": "https://www.cve.org/CVERecord?id=CVE-2018-12207" }, { "name": "CVE-2019-11135", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11135" }, { "name": "CVE-2019-0154", "url": "https://www.cve.org/CVERecord?id=CVE-2019-0154" }, { "name": "CVE-2019-17055", "url": "https://www.cve.org/CVERecord?id=CVE-2019-17055" }, { "name": "CVE-2019-17053", "url": "https://www.cve.org/CVERecord?id=CVE-2019-17053" }, { "name": "CVE-2019-16746", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16746" }, { "name": "CVE-2019-0155", "url": "https://www.cve.org/CVERecord?id=CVE-2019-0155" }, { "name": "CVE-2019-16233", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16233" }, { "name": "CVE-2019-15807", "url": "https://www.cve.org/CVERecord?id=CVE-2019-15807" }, { "name": "CVE-2019-16231", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16231" }, { "name": "CVE-2019-11756", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11756" }, { "name": "CVE-2019-11745", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11745" }, { "name": "CVE-2019-19058", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19058" }, { "name": "CVE-2019-14895", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14895" }, { "name": "CVE-2019-19046", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19046" }, { "name": "CVE-2019-15916", "url": "https://www.cve.org/CVERecord?id=CVE-2019-15916" }, { "name": "CVE-2019-18660", "url": "https://www.cve.org/CVERecord?id=CVE-2019-18660" }, { "name": "CVE-2019-19063", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19063" }, { "name": "CVE-2019-19062", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19062" }, { "name": "CVE-2018-14526", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14526" }, { "name": "CVE-2019-13734", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13734" }, { "name": "CVE-2019-19530", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19530" }, { "name": "CVE-2019-19534", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19534" }, { "name": "CVE-2019-19524", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19524" }, { "name": "CVE-2019-14901", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14901" }, { "name": "CVE-2019-19537", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19537" }, { "name": "CVE-2019-19523", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19523" }, { "name": "CVE-2019-19338", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19338" }, { "name": "CVE-2019-19332", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19332" }, { "name": "CVE-2019-19527", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19527" }, { "name": "CVE-2019-18808", "url": "https://www.cve.org/CVERecord?id=CVE-2019-18808" }, { "name": "CVE-2019-19767", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19767" }, { "name": "CVE-2019-19807", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19807" }, { "name": "CVE-2019-19055", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19055" }, { "name": "CVE-2019-17023", "url": "https://www.cve.org/CVERecord?id=CVE-2019-17023" }, { "name": "CVE-2019-9824", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9824" }, { "name": "CVE-2019-9636", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9636" }, { "name": "CVE-2019-12749", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12749" }, { "name": "CVE-2019-19447", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19447" }, { "name": "CVE-2019-20095", "url": "https://www.cve.org/CVERecord?id=CVE-2019-20095" }, { "name": "CVE-2019-20054", "url": "https://www.cve.org/CVERecord?id=CVE-2019-20054" }, { "name": "CVE-2019-18634", "url": "https://www.cve.org/CVERecord?id=CVE-2019-18634" }, { "name": "CVE-2019-14898", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14898" }, { "name": "CVE-2019-16994", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16994" }, { "name": "CVE-2019-18282", "url": "https://www.cve.org/CVERecord?id=CVE-2019-18282" }, { "name": "CVE-2020-2732", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2732" }, { "name": "CVE-2019-19059", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19059" }, { "name": "CVE-2019-3901", "url": "https://www.cve.org/CVERecord?id=CVE-2019-3901" }, { "name": "CVE-2020-9383", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9383" }, { "name": "CVE-2020-8647", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8647" }, { "name": "CVE-2020-8649", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8649" }, { "name": "CVE-2020-1749", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1749" }, { "name": "CVE-2019-9458", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9458" }, { "name": "CVE-2020-10942", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10942" }, { "name": "CVE-2019-9454", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9454" }, { "name": "CVE-2020-11565", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11565" }, { "name": "CVE-2020-10690", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10690" }, { "name": "CVE-2020-10751", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10751" }, { "name": "CVE-2020-12826", "url": "https://www.cve.org/CVERecord?id=CVE-2020-12826" }, { "name": "CVE-2020-12654", "url": "https://www.cve.org/CVERecord?id=CVE-2020-12654" }, { "name": "CVE-2020-10732", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10732" }, { "name": "CVE-2019-20636", "url": "https://www.cve.org/CVERecord?id=CVE-2019-20636" }, { "name": "CVE-2019-20811", "url": "https://www.cve.org/CVERecord?id=CVE-2019-20811" }, { "name": "CVE-2020-12653", "url": "https://www.cve.org/CVERecord?id=CVE-2020-12653" }, { "name": "CVE-2020-10757", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10757" }, { "name": "CVE-2020-12770", "url": "https://www.cve.org/CVERecord?id=CVE-2020-12770" }, { "name": "CVE-2020-12888", "url": "https://www.cve.org/CVERecord?id=CVE-2020-12888" }, { "name": "CVE-2020-12402", "url": "https://www.cve.org/CVERecord?id=CVE-2020-12402" }, { "name": "CVE-2018-16881", "url": "https://www.cve.org/CVERecord?id=CVE-2018-16881" }, { "name": "CVE-2018-19519", "url": "https://www.cve.org/CVERecord?id=CVE-2018-19519" }, { "name": "CVE-2020-10713", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10713" }, { "name": "CVE-2020-14311", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14311" }, { "name": "CVE-2020-14309", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14309" }, { "name": "CVE-2020-15706", "url": "https://www.cve.org/CVERecord?id=CVE-2020-15706" }, { "name": "CVE-2020-14308", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14308" }, { "name": "CVE-2020-14310", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14310" }, { "name": "CVE-2020-15705", "url": "https://www.cve.org/CVERecord?id=CVE-2020-15705" }, { "name": "CVE-2020-15707", "url": "https://www.cve.org/CVERecord?id=CVE-2020-15707" }, { "name": "CVE-2020-14331", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14331" }, { "name": "CVE-2020-10769", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10769" }, { "name": "CVE-2020-14364", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14364" }, { "name": "CVE-2020-12400", "url": "https://www.cve.org/CVERecord?id=CVE-2020-12400" }, { "name": "CVE-2020-12401", "url": "https://www.cve.org/CVERecord?id=CVE-2020-12401" }, { "name": "CVE-2020-6829", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6829" }, { "name": "CVE-2020-14314", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14314" }, { "name": "CVE-2020-24394", "url": "https://www.cve.org/CVERecord?id=CVE-2020-24394" }, { "name": "CVE-2020-25212", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25212" }, { "name": "CVE-2020-14305", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14305" }, { "name": "CVE-2020-10742", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10742" }, { "name": "CVE-2020-14385", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14385" }, { "name": "CVE-2020-25643", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25643" }, { "name": "CVE-2020-15999", "url": "https://www.cve.org/CVERecord?id=CVE-2020-15999" }, { "name": "CVE-2018-20843", "url": "https://www.cve.org/CVERecord?id=CVE-2018-20843" }, { "name": "CVE-2018-5729", "url": "https://www.cve.org/CVERecord?id=CVE-2018-5729" }, { "name": "CVE-2018-5730", "url": "https://www.cve.org/CVERecord?id=CVE-2018-5730" }, { "name": "CVE-2020-13817", "url": "https://www.cve.org/CVERecord?id=CVE-2020-13817" }, { "name": "CVE-2020-11868", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11868" }, { "name": "CVE-2021-3156", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3156" }, { "name": "CVE-2019-17006", "url": "https://www.cve.org/CVERecord?id=CVE-2019-17006" }, { "name": "CVE-2019-13232", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13232" }, { "name": "CVE-2020-10531", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10531" }, { "name": "CVE-2019-8696", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8696" }, { "name": "CVE-2019-20907", "url": "https://www.cve.org/CVERecord?id=CVE-2019-20907" }, { "name": "CVE-2019-8675", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8675" }, { "name": "CVE-2017-12652", "url": "https://www.cve.org/CVERecord?id=CVE-2017-12652" }, { "name": "CVE-2019-12450", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12450" }, { "name": "CVE-2020-12825", "url": "https://www.cve.org/CVERecord?id=CVE-2020-12825" }, { "name": "CVE-2020-12243", "url": "https://www.cve.org/CVERecord?id=CVE-2020-12243" }, { "name": "CVE-2019-14866", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14866" }, { "name": "CVE-2020-1983", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1983" }, { "name": "CVE-2019-5188", "url": "https://www.cve.org/CVERecord?id=CVE-2019-5188" }, { "name": "CVE-2019-5094", "url": "https://www.cve.org/CVERecord?id=CVE-2019-5094" }, { "name": "CVE-2020-10754", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10754" }, { "name": "CVE-2020-12049", "url": "https://www.cve.org/CVERecord?id=CVE-2020-12049" }, { "name": "CVE-2019-14822", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14822" }, { "name": "CVE-2020-14363", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14363" }, { "name": "CVE-2019-9924", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9924" }, { "name": "CVE-2018-18751", "url": "https://www.cve.org/CVERecord?id=CVE-2018-18751" }, { "name": "CVE-2019-9948", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9948" }, { "name": "CVE-2019-20386", "url": "https://www.cve.org/CVERecord?id=CVE-2019-20386" }, { "name": "CVE-2017-13722", "url": "https://www.cve.org/CVERecord?id=CVE-2017-13722" }, { "name": "CVE-2014-0210", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0210" }, { "name": "CVE-2018-16403", "url": "https://www.cve.org/CVERecord?id=CVE-2018-16403" }, { "name": "CVE-2018-15746", "url": "https://www.cve.org/CVERecord?id=CVE-2018-15746" }, { "name": "CVE-2014-6272", "url": "https://www.cve.org/CVERecord?id=CVE-2014-6272" }, { "name": "CVE-2019-7638", "url": "https://www.cve.org/CVERecord?id=CVE-2019-7638" }, { "name": "CVE-2015-8241", "url": "https://www.cve.org/CVERecord?id=CVE-2015-8241" }, { "name": "CVE-2019-10155", "url": "https://www.cve.org/CVERecord?id=CVE-2019-10155" }, { "name": "CVE-2018-11813", "url": "https://www.cve.org/CVERecord?id=CVE-2018-11813" }, { "name": "CVE-2018-18310", "url": "https://www.cve.org/CVERecord?id=CVE-2018-18310" }, { "name": "CVE-2018-1084", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1084" }, { "name": "CVE-2020-12662", "url": "https://www.cve.org/CVERecord?id=CVE-2020-12662" }, { "name": "CVE-2012-4423", "url": "https://www.cve.org/CVERecord?id=CVE-2012-4423" }, { "name": "CVE-2017-0902", "url": "https://www.cve.org/CVERecord?id=CVE-2017-0902" }, { "name": "CVE-2018-8945", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8945" }, { "name": "CVE-2017-0899", "url": "https://www.cve.org/CVERecord?id=CVE-2017-0899" }, { "name": "CVE-2010-2239", "url": "https://www.cve.org/CVERecord?id=CVE-2010-2239" }, { "name": "CVE-2010-2242", "url": "https://www.cve.org/CVERecord?id=CVE-2010-2242" }, { "name": "CVE-2017-14167", "url": "https://www.cve.org/CVERecord?id=CVE-2017-14167" }, { "name": "CVE-2015-0225", "url": "https://www.cve.org/CVERecord?id=CVE-2015-0225" }, { "name": "CVE-2019-11324", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11324" }, { "name": "CVE-2013-6458", "url": "https://www.cve.org/CVERecord?id=CVE-2013-6458" }, { "name": "CVE-2018-1000075", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000075" }, { "name": "CVE-2018-15857", "url": "https://www.cve.org/CVERecord?id=CVE-2018-15857" }, { "name": "CVE-2018-16062", "url": "https://www.cve.org/CVERecord?id=CVE-2018-16062" }, { "name": "CVE-2018-10534", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10534" }, { "name": "CVE-2014-0179", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0179" }, { "name": "CVE-2018-18384", "url": "https://www.cve.org/CVERecord?id=CVE-2018-18384" }, { "name": "CVE-2013-1766", "url": "https://www.cve.org/CVERecord?id=CVE-2013-1766" }, { "name": "CVE-2016-6580", "url": "https://www.cve.org/CVERecord?id=CVE-2016-6580" }, { "name": "CVE-2018-12697", "url": "https://www.cve.org/CVERecord?id=CVE-2018-12697" }, { "name": "CVE-2018-1000301", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000301" }, { "name": "CVE-2019-11236", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11236" }, { "name": "CVE-2019-12155", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12155" }, { "name": "CVE-2017-0900", "url": "https://www.cve.org/CVERecord?id=CVE-2017-0900" }, { "name": "CVE-2014-3598", "url": "https://www.cve.org/CVERecord?id=CVE-2014-3598" }, { "name": "CVE-2017-1000050", "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000050" }, { "name": "CVE-2018-10535", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10535" }, { "name": "CVE-2019-3820", "url": "https://www.cve.org/CVERecord?id=CVE-2019-3820" }, { "name": "CVE-2018-16402", "url": "https://www.cve.org/CVERecord?id=CVE-2018-16402" }, { "name": "CVE-2018-1116", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1116" }, { "name": "CVE-2018-15853", "url": "https://www.cve.org/CVERecord?id=CVE-2018-15853" }, { "name": "CVE-2019-14378", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14378" }, { "name": "CVE-2016-1494", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1494" }, { "name": "CVE-2019-12312", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12312" }, { "name": "CVE-2013-0339", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0339" }, { "name": "CVE-2019-16935", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16935" }, { "name": "CVE-2015-6525", "url": "https://www.cve.org/CVERecord?id=CVE-2015-6525" }, { "name": "CVE-2016-6581", "url": "https://www.cve.org/CVERecord?id=CVE-2016-6581" }, { "name": "CVE-2013-4520", "url": "https://www.cve.org/CVERecord?id=CVE-2013-4520" }, { "name": "CVE-2014-3633", "url": "https://www.cve.org/CVERecord?id=CVE-2014-3633" }, { "name": "CVE-2014-3004", "url": "https://www.cve.org/CVERecord?id=CVE-2014-3004" }, { "name": "CVE-2015-9381", "url": "https://www.cve.org/CVERecord?id=CVE-2015-9381" }, { "name": "CVE-2016-5361", "url": "https://www.cve.org/CVERecord?id=CVE-2016-5361" }, { "name": "CVE-2018-14598", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14598" }, { "name": "CVE-2014-1447", "url": "https://www.cve.org/CVERecord?id=CVE-2014-1447" }, { "name": "CVE-2018-20852", "url": "https://www.cve.org/CVERecord?id=CVE-2018-20852" }, { "name": "CVE-2012-2693", "url": "https://www.cve.org/CVERecord?id=CVE-2012-2693" }, { "name": "CVE-2018-7208", "url": "https://www.cve.org/CVERecord?id=CVE-2018-7208" }, { "name": "CVE-2018-12910", "url": "https://www.cve.org/CVERecord?id=CVE-2018-12910" }, { "name": "CVE-2019-8325", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8325" }, { "name": "CVE-2015-7497", "url": "https://www.cve.org/CVERecord?id=CVE-2015-7497" }, { "name": "CVE-2019-7665", "url": "https://www.cve.org/CVERecord?id=CVE-2019-7665" }, { "name": "CVE-2018-15854", "url": "https://www.cve.org/CVERecord?id=CVE-2018-15854" }, { "name": "CVE-2019-13404", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13404" }, { "name": "CVE-2015-5160", "url": "https://www.cve.org/CVERecord?id=CVE-2015-5160" }, { "name": "CVE-2018-10767", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10767" }, { "name": "CVE-2018-7550", "url": "https://www.cve.org/CVERecord?id=CVE-2018-7550" }, { "name": "CVE-2016-3076", "url": "https://www.cve.org/CVERecord?id=CVE-2016-3076" }, { "name": "CVE-2018-14404", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14404" }, { "name": "CVE-2018-18521", "url": "https://www.cve.org/CVERecord?id=CVE-2018-18521" }, { "name": "CVE-2018-19788", "url": "https://www.cve.org/CVERecord?id=CVE-2018-19788" }, { "name": "CVE-2019-8322", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8322" }, { "name": "CVE-2019-3840", "url": "https://www.cve.org/CVERecord?id=CVE-2019-3840" }, { "name": "CVE-2016-9189", "url": "https://www.cve.org/CVERecord?id=CVE-2016-9189" }, { "name": "CVE-2015-9262", "url": "https://www.cve.org/CVERecord?id=CVE-2015-9262" }, { "name": "CVE-2018-14647", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14647" }, { "name": "CVE-2019-17041", "url": "https://www.cve.org/CVERecord?id=CVE-2019-17041" }, { "name": "CVE-2019-14906", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14906" }, { "name": "CVE-2018-1000073", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000073" }, { "name": "CVE-2019-9947", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9947" }, { "name": "CVE-2017-1000158", "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000158" }, { "name": "CVE-2019-7635", "url": "https://www.cve.org/CVERecord?id=CVE-2019-7635" }, { "name": "CVE-2019-7576", "url": "https://www.cve.org/CVERecord?id=CVE-2019-7576" }, { "name": "CVE-2019-14834", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14834" }, { "name": "CVE-2018-15855", "url": "https://www.cve.org/CVERecord?id=CVE-2018-15855" }, { "name": "CVE-2019-7149", "url": "https://www.cve.org/CVERecord?id=CVE-2019-7149" }, { "name": "CVE-2018-7642", "url": "https://www.cve.org/CVERecord?id=CVE-2018-7642" }, { "name": "CVE-2019-5010", "url": "https://www.cve.org/CVERecord?id=CVE-2019-5010" }, { "name": "CVE-2018-12641", "url": "https://www.cve.org/CVERecord?id=CVE-2018-12641" }, { "name": "CVE-2021-3396", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3396" }, { "name": "CVE-2020-12403", "url": "https://www.cve.org/CVERecord?id=CVE-2020-12403" }, { "name": "CVE-2017-15268", "url": "https://www.cve.org/CVERecord?id=CVE-2017-15268" }, { "name": "CVE-2018-15587", "url": "https://www.cve.org/CVERecord?id=CVE-2018-15587" }, { "name": "CVE-2016-10746", "url": "https://www.cve.org/CVERecord?id=CVE-2016-10746" }, { "name": "CVE-2017-13711", "url": "https://www.cve.org/CVERecord?id=CVE-2017-13711" }, { "name": "CVE-2014-8131", "url": "https://www.cve.org/CVERecord?id=CVE-2014-8131" }, { "name": "CVE-2014-9601", "url": "https://www.cve.org/CVERecord?id=CVE-2014-9601" }, { "name": "CVE-2014-3657", "url": "https://www.cve.org/CVERecord?id=CVE-2014-3657" }, { "name": "CVE-2018-10373", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10373" }, { "name": "CVE-2017-17790", "url": "https://www.cve.org/CVERecord?id=CVE-2017-17790" }, { "name": "CVE-2011-2511", "url": "https://www.cve.org/CVERecord?id=CVE-2011-2511" }, { "name": "CVE-2018-1000802", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000802" }, { "name": "CVE-2017-7555", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7555" }, { "name": "CVE-2016-9015", "url": "https://www.cve.org/CVERecord?id=CVE-2016-9015" }, { "name": "CVE-2017-13720", "url": "https://www.cve.org/CVERecord?id=CVE-2017-13720" }, { "name": "CVE-2018-11782", "url": "https://www.cve.org/CVERecord?id=CVE-2018-11782" }, { "name": "CVE-2017-11671", "url": "https://www.cve.org/CVERecord?id=CVE-2017-11671" }, { "name": "CVE-2017-10664", "url": "https://www.cve.org/CVERecord?id=CVE-2017-10664" }, { "name": "CVE-2018-11213", "url": "https://www.cve.org/CVERecord?id=CVE-2018-11213" }, { "name": "CVE-2013-6457", "url": "https://www.cve.org/CVERecord?id=CVE-2013-6457" }, { "name": "CVE-2019-10138", "url": "https://www.cve.org/CVERecord?id=CVE-2019-10138" }, { "name": "CVE-2019-7578", "url": "https://www.cve.org/CVERecord?id=CVE-2019-7578" }, { "name": "CVE-2020-7039", "url": "https://www.cve.org/CVERecord?id=CVE-2020-7039" }, { "name": "CVE-2017-11368", "url": "https://www.cve.org/CVERecord?id=CVE-2017-11368" }, { "name": "CVE-2018-0494", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0494" }, { "name": "CVE-2019-20485", "url": "https://www.cve.org/CVERecord?id=CVE-2019-20485" }, { "name": "CVE-2003-1418", "url": "https://www.cve.org/CVERecord?id=CVE-2003-1418" }, { "name": "CVE-2017-15289", "url": "https://www.cve.org/CVERecord?id=CVE-2017-15289" }, { "name": "CVE-2016-5391", "url": "https://www.cve.org/CVERecord?id=CVE-2016-5391" }, { "name": "CVE-2017-2810", "url": "https://www.cve.org/CVERecord?id=CVE-2017-2810" }, { "name": "CVE-2018-15864", "url": "https://www.cve.org/CVERecord?id=CVE-2018-15864" }, { "name": "CVE-2017-18207", "url": "https://www.cve.org/CVERecord?id=CVE-2017-18207" }, { "name": "CVE-2019-12761", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12761" }, { "name": "CVE-2013-5651", "url": "https://www.cve.org/CVERecord?id=CVE-2013-5651" }, { "name": "CVE-2017-17522", "url": "https://www.cve.org/CVERecord?id=CVE-2017-17522" }, { "name": "CVE-2019-20382", "url": "https://www.cve.org/CVERecord?id=CVE-2019-20382" }, { "name": "CVE-2016-2533", "url": "https://www.cve.org/CVERecord?id=CVE-2016-2533" }, { "name": "CVE-2019-14287", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14287" }, { "name": "CVE-2018-18520", "url": "https://www.cve.org/CVERecord?id=CVE-2018-18520" }, { "name": "CVE-2019-9740", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9740" }, { "name": "CVE-2019-7575", "url": "https://www.cve.org/CVERecord?id=CVE-2019-7575" }, { "name": "CVE-2015-5652", "url": "https://www.cve.org/CVERecord?id=CVE-2015-5652" }, { "name": "CVE-2019-7572", "url": "https://www.cve.org/CVERecord?id=CVE-2019-7572" }, { "name": "CVE-2017-6519", "url": "https://www.cve.org/CVERecord?id=CVE-2017-6519" }, { "name": "CVE-2018-10906", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10906" }, { "name": "CVE-2018-15863", "url": "https://www.cve.org/CVERecord?id=CVE-2018-15863" }, { "name": "CVE-2018-15862", "url": "https://www.cve.org/CVERecord?id=CVE-2018-15862" }, { "name": "CVE-2018-1000079", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000079" }, { "name": "CVE-2019-7664", "url": "https://www.cve.org/CVERecord?id=CVE-2019-7664" }, { "name": "CVE-2017-5992", "url": "https://www.cve.org/CVERecord?id=CVE-2017-5992" }, { "name": "CVE-2019-16865", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16865" }, { "name": "CVE-2019-8324", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8324" }, { "name": "CVE-2018-1000076", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000076" }, { "name": "CVE-2018-1000030", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000030" }, { "name": "CVE-2018-1000074", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000074" }, { "name": "CVE-2017-0901", "url": "https://www.cve.org/CVERecord?id=CVE-2017-0901" }, { "name": "CVE-2018-7568", "url": "https://www.cve.org/CVERecord?id=CVE-2018-7568" }, { "name": "CVE-2016-0775", "url": "https://www.cve.org/CVERecord?id=CVE-2016-0775" }, { "name": "CVE-2018-15688", "url": "https://www.cve.org/CVERecord?id=CVE-2018-15688" }, { "name": "CVE-2018-14599", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14599" }, { "name": "CVE-2018-10733", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10733" }, { "name": "CVE-2016-9396", "url": "https://www.cve.org/CVERecord?id=CVE-2016-9396" }, { "name": "CVE-2019-10160", "url": "https://www.cve.org/CVERecord?id=CVE-2019-10160" }, { "name": "CVE-2017-7562", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7562" }, { "name": "CVE-2016-1000032", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000032" }, { "name": "CVE-2017-15124", "url": "https://www.cve.org/CVERecord?id=CVE-2017-15124" }, { "name": "CVE-2018-1113", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1113" }, { "name": "CVE-2013-4399", "url": "https://www.cve.org/CVERecord?id=CVE-2013-4399" }, { "name": "CVE-2019-7636", "url": "https://www.cve.org/CVERecord?id=CVE-2019-7636" }, { "name": "CVE-2014-3672", "url": "https://www.cve.org/CVERecord?id=CVE-2014-3672" }, { "name": "CVE-2018-4700", "url": "https://www.cve.org/CVERecord?id=CVE-2018-4700" }, { "name": "CVE-2017-0903", "url": "https://www.cve.org/CVERecord?id=CVE-2017-0903" }, { "name": "CVE-2018-15856", "url": "https://www.cve.org/CVERecord?id=CVE-2018-15856" }, { "name": "CVE-2018-1000078", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000078" }, { "name": "CVE-2019-7573", "url": "https://www.cve.org/CVERecord?id=CVE-2019-7573" }, { "name": "CVE-2018-1000077", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000077" }, { "name": "CVE-2010-2237", "url": "https://www.cve.org/CVERecord?id=CVE-2010-2237" }, { "name": "CVE-2018-1000876", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000876" }, { "name": "CVE-2018-14348", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14348" }, { "name": "CVE-2019-3890", "url": "https://www.cve.org/CVERecord?id=CVE-2019-3890" }, { "name": "CVE-2015-7498", "url": "https://www.cve.org/CVERecord?id=CVE-2015-7498" }, { "name": "CVE-2019-7577", "url": "https://www.cve.org/CVERecord?id=CVE-2019-7577" }, { "name": "CVE-2016-0740", "url": "https://www.cve.org/CVERecord?id=CVE-2016-0740" }, { "name": "CVE-2018-4180", "url": "https://www.cve.org/CVERecord?id=CVE-2018-4180" }, { "name": "CVE-2013-4297", "url": "https://www.cve.org/CVERecord?id=CVE-2013-4297" }, { "name": "CVE-2010-2238", "url": "https://www.cve.org/CVERecord?id=CVE-2010-2238" }, { "name": "CVE-2018-14600", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14600" }, { "name": "CVE-2017-13090", "url": "https://www.cve.org/CVERecord?id=CVE-2017-13090" }, { "name": "CVE-2013-7336", "url": "https://www.cve.org/CVERecord?id=CVE-2013-7336" }, { "name": "CVE-2018-10372", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10372" }, { "name": "CVE-2019-7637", "url": "https://www.cve.org/CVERecord?id=CVE-2019-7637" }, { "name": "CVE-2018-11806", "url": "https://www.cve.org/CVERecord?id=CVE-2018-11806" }, { "name": "CVE-2018-7643", "url": "https://www.cve.org/CVERecord?id=CVE-2018-7643" }, { "name": "CVE-2015-0236", "url": "https://www.cve.org/CVERecord?id=CVE-2015-0236" }, { "name": "CVE-2018-1000117", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000117" }, { "name": "CVE-2014-0209", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0209" }, { "name": "CVE-2013-2230", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2230" }, { "name": "CVE-2018-1122", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1122" }, { "name": "CVE-2014-3960", "url": "https://www.cve.org/CVERecord?id=CVE-2014-3960" }, { "name": "CVE-2019-16056", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16056" }, { "name": "CVE-2020-12663", "url": "https://www.cve.org/CVERecord?id=CVE-2020-12663" }, { "name": "CVE-2018-10768", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10768" }, { "name": "CVE-2017-16611", "url": "https://www.cve.org/CVERecord?id=CVE-2017-16611" }, { "name": "CVE-2014-7823", "url": "https://www.cve.org/CVERecord?id=CVE-2014-7823" }, { "name": "CVE-2020-10703", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10703" }, { "name": "CVE-2018-7569", "url": "https://www.cve.org/CVERecord?id=CVE-2018-7569" }, { "name": "CVE-2013-4154", "url": "https://www.cve.org/CVERecord?id=CVE-2013-4154" }, { "name": "CVE-2018-20060", "url": "https://www.cve.org/CVERecord?id=CVE-2018-20060" }, { "name": "CVE-2015-9382", "url": "https://www.cve.org/CVERecord?id=CVE-2015-9382" }, { "name": "CVE-2017-18190", "url": "https://www.cve.org/CVERecord?id=CVE-2017-18190" }, { "name": "CVE-2016-4009", "url": "https://www.cve.org/CVERecord?id=CVE-2016-4009" }, { "name": "CVE-2018-13033", "url": "https://www.cve.org/CVERecord?id=CVE-2018-13033" }, { "name": "CVE-2016-9190", "url": "https://www.cve.org/CVERecord?id=CVE-2016-9190" }, { "name": "CVE-2019-7574", "url": "https://www.cve.org/CVERecord?id=CVE-2019-7574" }, { "name": "CVE-2016-0772", "url": "https://www.cve.org/CVERecord?id=CVE-2016-0772" }, { "name": "CVE-2016-5699", "url": "https://www.cve.org/CVERecord?id=CVE-2016-5699" }, { "name": "CVE-2011-1486", "url": "https://www.cve.org/CVERecord?id=CVE-2011-1486" }, { "name": "CVE-2020-5208", "url": "https://www.cve.org/CVERecord?id=CVE-2020-5208" }, { "name": "CVE-2019-6778", "url": "https://www.cve.org/CVERecord?id=CVE-2019-6778" }, { "name": "CVE-2020-10772", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10772" }, { "name": "CVE-2020-25637", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25637" }, { "name": "CVE-2018-10360", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10360" }, { "name": "CVE-2018-15859", "url": "https://www.cve.org/CVERecord?id=CVE-2018-15859" }, { "name": "CVE-2017-13089", "url": "https://www.cve.org/CVERecord?id=CVE-2017-13089" }, { "name": "CVE-2019-12779", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12779" }, { "name": "CVE-2019-1010238", "url": "https://www.cve.org/CVERecord?id=CVE-2019-1010238" }, { "name": "CVE-2019-6690", "url": "https://www.cve.org/CVERecord?id=CVE-2019-6690" }, { "name": "CVE-2015-8317", "url": "https://www.cve.org/CVERecord?id=CVE-2015-8317" }, { "name": "CVE-2018-4181", "url": "https://www.cve.org/CVERecord?id=CVE-2018-4181" }, { "name": "CVE-2019-8323", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8323" }, { "name": "CVE-2016-3616", "url": "https://www.cve.org/CVERecord?id=CVE-2016-3616" }, { "name": "CVE-2018-14498", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14498" }, { "name": "CVE-2018-15861", "url": "https://www.cve.org/CVERecord?id=CVE-2018-15861" }, { "name": "CVE-2019-7150", "url": "https://www.cve.org/CVERecord?id=CVE-2019-7150" }, { "name": "CVE-2019-17042", "url": "https://www.cve.org/CVERecord?id=CVE-2019-17042" }, { "name": "CVE-2016-5008", "url": "https://www.cve.org/CVERecord?id=CVE-2016-5008" }, { "name": "CVE-2014-4616", "url": "https://www.cve.org/CVERecord?id=CVE-2014-4616" } ], "initial_release_date": "2022-03-23T00:00:00", "last_revision_date": "2022-03-23T00:00:00", "links": [], "reference": "CERTFR-2022-AVI-267", "revisions": [ { "description": "Version initiale", "revision_date": "2022-03-23T00:00:00.000000" } ], "risks": [ { "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Juniper Networks\nJunos Space. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans Juniper Networks Junos Space", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11176 du 22 mars 2022", "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11176\u0026cat=SIRT_1\u0026actp=LIST" } ] }
ghsa-pj9f-pvw9-ffjc
Vulnerability from github
setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user's shell being listed in /etc/shells. Under some circumstances, users which had their shell changed to /sbin/nologin could still access the system.
{ "affected": [], "aliases": [ "CVE-2018-1113" ], "database_specific": { "cwe_ids": [ "CWE-732" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2018-07-03T01:29:00Z", "severity": "MODERATE" }, "details": "setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user\u0027s shell being listed in /etc/shells. Under some circumstances, users which had their shell changed to /sbin/nologin could still access the system.", "id": "GHSA-pj9f-pvw9-ffjc", "modified": "2022-05-13T01:33:32Z", "published": "2022-05-13T01:33:32Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1113" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHBA-2019:0327" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2018:3249" }, { "type": "WEB", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1113" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "type": "CVSS_V3" } ] }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.