Vulnerability Details CVE-2018-1113
setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user's shell being listed in /etc/shells. Under some circumstances, users which had their shell changed to /sbin/nologin could still access the system.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 12.8%
CVSS Severity
CVSS v3 Score 4.8
CVSS v2 Score 4.6
References
- https://access.redhat.com/errata/RHBA-2019:0327
- https://access.redhat.com/errata/RHSA-2018:3249
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1113
- https://access.redhat.com/errata/RHBA-2019:0327
- https://access.redhat.com/errata/RHSA-2018:3249
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1113
Products affected by CVE-2018-1113
-
cpe:2.3:a:redhat:setup:2.10.10
-
cpe:2.3:a:redhat:setup:2.10.7
-
cpe:2.3:a:redhat:setup:2.10.8
-
cpe:2.3:a:redhat:setup:2.10.9
-
cpe:2.3:a:redhat:setup:2.11.1
-
cpe:2.3:a:redhat:setup:2.11.2
-
cpe:2.3:a:redhat:setup:2.11.3
-
cpe:2.3:o:fedoraproject:fedora:-
-
cpe:2.3:o:redhat:enterprise_linux:-
-
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
-
cpe:2.3:o:redhat:enterprise_linux_server:7.0
-
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0