57206 – CVE-2024-1086 | Linux kernel's netfilter: nf_tables component can be exploited

Bug 57206 - CVE-2024-1086 | Linux kernel's netfilter: nf_tables component can be exploited

Summary: CVE-2024-1086 | Linux kernel's netfilter: nf_tables component can be exploited

Status:	CLOSED DUPLICATE of bug 57414

Alias:	None

Product:	UCS
Classification:	Unclassified
Component:	Security updates
Version:	UCS 5.0
Hardware:	Other Linux

Importance:	P3 normal
Target Milestone:	---
Assignee:	UCS maintainers
QA Contact:	UCS maintainers

URL:	https://nvd.nist.gov/vuln/detail/CVE-...
Keywords:

Depends on:
Blocks:

Reported:	2024-04-03 10:15 CEST by Finn David
Modified:	2024-07-08 12:28 CEST (History)
CC List:	5 users (show)

See Also:	56818
What kind of report is it?:	Security Issue
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:	Yes
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:	2024040221000182
Bug group (optional):	Security
Customer ID:	01427
Max CVSS v3 score:	7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Finn David

2024-04-03 10:15:24 CEST

The customer is asking for a possible security patch, as there is none provided by the debian security tracker.

Comment 2 Philipp Hahn

2024-04-03 11:48:23 CEST

UCS 5.0 uses "nf_tables":

# uname -r
4.19.0-26-amd64
# grep -o nf_table /proc/modules
nf_tables

According to [Ubuntu](https://ubuntu.com/security/CVE-2024-1086) the vulnerability can be mitigated by disabling "unprivileged user name space cloning":

# sysctl kernel.unprivileged_userns_clone
kernel.unprivileged_userns_clone = 0

So UCS should not be vulnerable by default — unless when you add your own (exploitable) firewall rules, in which case you are already "root" and do not need the exploit to become root: Attack-Vector (AV) is "Local".

Comment 3 Arvid Requate

2024-07-03 17:02:40 CEST

Fixed for UCS 5.0-9 with Errata update for Bug 57414:

<https://errata.software-univention.de/#/?erratum=5.0x1077>
<https://errata.software-univention.de/#/?erratum=5.0x1078>
<https://errata.software-univention.de/#/?erratum=5.0x1079>

*** This bug has been marked as a duplicate of bug 57414 ***