Vulnerability-Lookup

CNVD-2020-60517

Vulnerability from cnvd - Published: 2020-11-04

Title

Google Cloud Platform guest-oslogin权限提升漏洞

Description

Google Cloud Platform是美国谷歌（Google）的一款能够提供云计算、数据存储、数据分析及机器学习等服务的云计算平台。guest-oslogin是其中的一个操作系统登录组件。 Google Cloud Platform中的guest-oslogin 20190304版本至20200507之前版本中存在安全漏洞。攻击者可利用该漏洞将权限提升至root。

Severity

中

Patch Name

Google Cloud Platform guest-oslogin权限提升漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://github.com/GoogleCloudPlatform/guest-oslogin/pull/29/commits/885cad28e1abb67956e596984af1888f54e7d6af

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-8933

Impacted products

Name
Google Cloud Platform >=20190304，<=20200507

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-8933"
    }
  },
  "description": "Google Cloud Platform\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u7684\u4e00\u6b3e\u80fd\u591f\u63d0\u4f9b\u4e91\u8ba1\u7b97\u3001\u6570\u636e\u5b58\u50a8\u3001\u6570\u636e\u5206\u6790\u53ca\u673a\u5668\u5b66\u4e60\u7b49\u670d\u52a1\u7684\u4e91\u8ba1\u7b97\u5e73\u53f0\u3002guest-oslogin\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u64cd\u4f5c\u7cfb\u7edf\u767b\u5f55\u7ec4\u4ef6\u3002\n\nGoogle Cloud Platform\u4e2d\u7684guest-oslogin 20190304\u7248\u672c\u81f320200507\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5c06\u6743\u9650\u63d0\u5347\u81f3root\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://github.com/GoogleCloudPlatform/guest-oslogin/pull/29/commits/885cad28e1abb67956e596984af1888f54e7d6af",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-60517",
  "openTime": "2020-11-04",
  "patchDescription": "Google Cloud Platform\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u7684\u4e00\u6b3e\u80fd\u591f\u63d0\u4f9b\u4e91\u8ba1\u7b97\u3001\u6570\u636e\u5b58\u50a8\u3001\u6570\u636e\u5206\u6790\u53ca\u673a\u5668\u5b66\u4e60\u7b49\u670d\u52a1\u7684\u4e91\u8ba1\u7b97\u5e73\u53f0\u3002guest-oslogin\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u64cd\u4f5c\u7cfb\u7edf\u767b\u5f55\u7ec4\u4ef6\u3002\r\n\r\nGoogle Cloud Platform\u4e2d\u7684guest-oslogin 20190304\u7248\u672c\u81f320200507\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5c06\u6743\u9650\u63d0\u5347\u81f3root\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Google Cloud Platform guest-oslogin\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Google Cloud Platform \u003e=20190304\uff0c\u003c=20200507"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-8933",
  "serverity": "\u4e2d",
  "submitTime": "2020-06-23",
  "title": "Google Cloud Platform guest-oslogin\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

CVE-2020-8933 (GCVE-0-2020-8933)

Vulnerability from cvelistv5 – Published: 2020-06-22 13:45 – Updated: 2024-08-04 10:12

Title

Priviged Escalation in Google Cloud Platform's Guest-OSLogin

Summary

A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using the membership to the "lxd" group, an attacker can attach host devices and filesystems. Within an lxc container, it is possible to attach the host OS filesystem and modify /etc/sudoers to then gain administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the "lxd" user from the OS Login entry.

Severity ?

9.3 (Critical)


                        
                          CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

CWE

CWE-276 - Incorrect Default Permissions

Assigner

Google

References

URL

Tags

	https://github.com/GoogleCloudPlatform/guest-oslo…	x_refsource_CONFIRM
	https://gitlab.com/gitlab-com/gl-security/gl-redt…	x_refsource_MISC
	https://cloud.google.com/support/bulletins/#gcp-2…	x_refsource_MISC
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE

Impacted products

	Vendor	Product	Version
	Google LLC	guest-oslogin	Affected: 20190304 , < 20200507 (date) Unaffected: 20200507 (date)

Credits

Chris Moberly

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:google:guest-oslogin:20190304.00:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "guest-oslogin",
            "vendor": "google",
            "versions": [
              {
                "lessThan": "20200507",
                "status": "affected",
                "version": "20190304.00",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-8933",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-21T15:05:29.396344Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:12:15.190Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:12:10.996Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/GoogleCloudPlatform/guest-oslogin/pull/29"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-com/gl-security/gl-redteam/red-team-tech-notes/-/tree/master/oslogin-privesc-june-2020"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cloud.google.com/support/bulletins/#gcp-2020-008"
          },
          {
            "name": "openSUSE-SU-2020:0996",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00037.html"
          },
          {
            "name": "openSUSE-SU-2020:1014",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00047.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "guest-oslogin",
          "vendor": "Google LLC",
          "versions": [
            {
              "lessThan": "20200507",
              "status": "affected",
              "version": "20190304",
              "versionType": "date"
            },
            {
              "status": "unaffected",
              "version": "20200507",
              "versionType": "date"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Chris Moberly"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA vulnerability in Google Cloud Platform\u0027s guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role \u0026quot;roles/compute.osLogin\u0026quot; to escalate privileges to root. Using the membership to the \u0026quot;lxd\u0026quot; group, an attacker can attach host devices and filesystems. Within an lxc container, it is possible to attach the host OS filesystem and modify /etc/sudoers to then gain administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the \u0026quot;lxd\u0026quot; user from the OS Login entry.\u003c/p\u003e"
            }
          ],
          "value": "A vulnerability in Google Cloud Platform\u0027s guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role \"roles/compute.osLogin\" to escalate privileges to root. Using the membership to the \"lxd\" group, an attacker can attach host devices and filesystems. Within an lxc container, it is possible to attach the host OS filesystem and modify /etc/sudoers to then gain administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the \"lxd\" user from the OS Login entry."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276 Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-21T04:58:16.111Z",
        "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "shortName": "Google"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/GoogleCloudPlatform/guest-oslogin/pull/29"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.com/gitlab-com/gl-security/gl-redteam/red-team-tech-notes/-/tree/master/oslogin-privesc-june-2020"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cloud.google.com/support/bulletins/#gcp-2020-008"
        },
        {
          "name": "openSUSE-SU-2020:0996",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00037.html"
        },
        {
          "name": "openSUSE-SU-2020:1014",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00047.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Priviged Escalation in Google Cloud Platform\u0027s Guest-OSLogin",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@google.com",
          "ID": "CVE-2020-8933",
          "STATE": "PUBLIC",
          "TITLE": "Priviged Escalation in Google Cloud Platform\u0027s Guest-OSLogin"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "guest-oslogin",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_name": "stable",
                            "version_value": "20190304"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Google LLC"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Chris Moberly"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in Google Cloud Platform\u0027s guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role \"roles/compute.osLogin\" to escalate privileges to root. Using the membership to the \"lxd\" group, an attacker can attach host devices and filesystems. Within an lxc container, it is possible to attach the host OS filesystem and modify /etc/sudoers to then gain administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the \"lxd\" user from the OS Login entry."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-276 Incorrect Default Permissions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/GoogleCloudPlatform/guest-oslogin/pull/29",
              "refsource": "CONFIRM",
              "url": "https://github.com/GoogleCloudPlatform/guest-oslogin/pull/29"
            },
            {
              "name": "https://gitlab.com/gitlab-com/gl-security/gl-redteam/red-team-tech-notes/-/tree/master/oslogin-privesc-june-2020",
              "refsource": "MISC",
              "url": "https://gitlab.com/gitlab-com/gl-security/gl-redteam/red-team-tech-notes/-/tree/master/oslogin-privesc-june-2020"
            },
            {
              "name": "https://cloud.google.com/support/bulletins/#gcp-2020-008",
              "refsource": "MISC",
              "url": "https://cloud.google.com/support/bulletins/#gcp-2020-008"
            },
            {
              "name": "openSUSE-SU-2020:0996",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00037.html"
            },
            {
              "name": "openSUSE-SU-2020:1014",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00047.html"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
    "assignerShortName": "Google",
    "cveId": "CVE-2020-8933",
    "datePublished": "2020-06-22T13:45:26",
    "dateReserved": "2020-02-12T00:00:00",
    "dateUpdated": "2024-08-04T10:12:10.996Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2020-60517

CVE-2020-8933 (GCVE-0-2020-8933)

Tags

Sightings

Nomenclature