CVE-2018-1113 : Security Advisory and Response

In Fedora and Red Hat Enterprise Linux, the versions prior to 2.11.4-1.fc28 included the addition of /sbin/nologin and /usr/sbin/nologin to the /etc/shells file. This action conflicted with security assumptions made by pam_shells and certain daemons, potentially allowing users with modified shells to access the system.

Understanding CVE-2018-1113

This CVE highlights a vulnerability in the setup package affecting specific versions of Fedora and Red Hat Enterprise Linux.

What is CVE-2018-1113?

The vulnerability in setup versions prior to 2.11.4-1.fc28 allowed users with modified shells to bypass security restrictions and gain unauthorized access to the system.

The Impact of CVE-2018-1113

The vulnerability could lead to unauthorized access to the system by users with altered shell configurations, potentially compromising system security.

Technical Details of CVE-2018-1113

This section provides detailed technical information about the CVE.

Vulnerability Description

The issue stemmed from the addition of /sbin/nologin and /usr/sbin/nologin to the /etc/shells file, contradicting security assumptions and enabling unauthorized access.

Affected Systems and Versions

Product: setup
Vendor: [UNKNOWN]
Versions Affected: setup 2.11.4-1.fc28

Exploitation Mechanism

Attack Complexity: Low
Attack Vector: Local
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
CVSS Base Score: 4.8 (Medium)

Mitigation and Prevention

Protect your systems from CVE-2018-1113 with the following steps:

Immediate Steps to Take

Update the setup package to version 2.11.4-1.fc28 or higher.
Monitor user shell configurations for unauthorized changes.

Long-Term Security Practices

Regularly review and update the list of valid shells in /etc/shells.
Implement user access controls and monitoring mechanisms to detect unauthorized access attempts.

Patching and Updates

Apply security patches provided by Red Hat to address the vulnerability and enhance system security.