漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Mishandling of file-system uid/gid with namespaces in shiftfs
Vulnerability Description
In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, several locations which shift ids translate user/group ids before performing operations in the lower filesystem were translating them into init_user_ns, whereas they should have been translated into the s_user_ns for the lower filesystem. This resulted in using ids other than the intended ones in the lower fs, which likely did not map into the shifts s_user_ns. A local attacker could use this to possibly bypass discretionary access control permissions.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Vulnerability Type
文件和路径信息暴露
Vulnerability Title
Canonical Ubuntu Linux kernel 安全漏洞
Vulnerability Description
Linux kernel是美国Linux基金会发布的开源操作系统Linux所使用的内核。Canonical Ubuntu Linux是英国Canonical公司的一套Linux操作系统。 Canonical Ubuntu Linux 18.04(lts)版本和19.04版本中的Linux kernel 5.0版本和5.3版本的shiftfs实现存在安全漏洞。本地攻击者可利用该漏洞绕过DAC权限或造成其他危害。
CVSS Information
N/A
Vulnerability Type
N/A