CVE-2018-1113

setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user's shell being listed in /etc/shells. Under some circumstances, users which had their shell changed to /sbin/nologin could still access the system.
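A defender's check for the condition described above, as an added example that is not part of the CVE record or of Red Hat's code: it reports `nologin` entries in the shells file and the accounts whose shell is one of those entries, which are the accounts that would still satisfy a "shell is listed in /etc/shells" test. The function names and the sample data in `demo` are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit for the CVE-2018-1113 condition.
# With no arguments the functions read /etc/shells and /etc/passwd.

# Print each entry of the shells file whose basename is "nologin".
# Blank lines and comment lines are ignored.
listed_nologin_shells() {
    awk 'NF == 0 || $1 ~ /^#/ { next }
         { n = split($1, part, "/"); if (part[n] == "nologin") print $1 }' \
        "${1:-/etc/shells}"
}

# Print "user:shell" for accounts whose shell is a nologin path that the
# shells file lists. These accounts look disabled but still pass a
# "shell is in /etc/shells" check such as the one pam_shells performs.
affected_accounts() {
    shells_file=${1:-/etc/shells}
    passwd_file=${2:-/etc/passwd}
    bad=$(listed_nologin_shells "$shells_file")
    while IFS=: read -r user _pw _uid _gid _gecos _home shell; do
        [ -n "$shell" ] || continue
        # Exact, fixed-string match against the listed nologin paths.
        if printf '%s\n' "$bad" | grep -Fxq -- "$shell"; then
            printf '%s:%s\n' "$user" "$shell"
        fi
    done < "$passwd_file"
}

# Constructed sample data: a shells file containing the two entries the
# advisory names, and three made-up accounts.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/shells" <<'EOF'
/bin/sh
/bin/bash
/sbin/nologin
/usr/sbin/nologin
EOF
    cat > "$dir/passwd" <<'EOF'
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/sbin/nologin
svc:x:990:990::/var/empty:/usr/sbin/nologin
EOF
    affected_accounts "$dir/shells" "$dir/passwd"
    rm -rf "$dir"
}
```

An empty result from `listed_nologin_shells` means the shells file no longer carries the entries this CVE describes.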

Published: 2018-07-03 01:29
Updated: 2019-10-09 23:38

CVSS Score: 4.6 / 10

| Vendor | Product | Version | URI |
|---|---|---|---|
| Redhat | Enterprise Linux Desktop | 7.0 | cpe:/o:redhat:enterprise_linux_desktop:7.0 |
| Redhat | Enterprise Linux Server | 7.0 | cpe:/o:redhat:enterprise_linux_server:7.0 |
| Redhat | Enterprise Linux Workstation | 7.0 | cpe:/o:redhat:enterprise_linux_workstation:7.0 |
| Redhat | Setup | 2.10.7 | cpe:/a:redhat:setup:2.10.7 |
| Redhat | Setup | 2.10.8 | cpe:/a:redhat:setup:2.10.8 |
| Redhat | Setup | 2.10.9 | cpe:/a:redhat:setup:2.10.9 |
| Redhat | Setup | 2.10.10 | cpe:/a:redhat:setup:2.10.10 |
| Redhat | Setup | 2.11.1 | cpe:/a:redhat:setup:2.11.1 |
| Redhat | Setup | 2.11.2 | cpe:/a:redhat:setup:2.11.2 |
| Redhat | Setup | 2.11.3 | cpe:/a:redhat:setup:2.11.3 |

CWE

| ID | Name | Description |
|---|---|---|
| CWE-732 | Incorrect Permission Assignment for Critical Resource | The software specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. |

History of changes

Date Event
2019-10-03 00:03
2019-04-26 16:40
2019-04-24 06:29
2018-10-31 10:30
2018-09-05 20:23
2018-07-03 01:29 New CVE