{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/authd/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"id":"CVE-2026-6970"}],"_cs_exploited":false,"_cs_products":["authd"],"_cs_severities":["high"],"_cs_tags":["privilege-escalation","linux","authd"],"_cs_type":"advisory","_cs_vendors":["Canonical"],"content_html":"\u003cp\u003eauthd version 0.6.0 contains a vulnerability related to how it sets the primary group ID (GID) for users. Specifically, when a user\u0026rsquo;s GID differs from their UID (either due to initial creation with authd \u0026lt; 0.5.4 or manual modification via \u003ccode\u003eauthctl group set-gid\u003c/code\u003e), authd can incorrectly set the primary group ID to the user\u0026rsquo;s UID upon login if some user information changed in the identity provider. This occurs because the user record is updated upon login. This issue affects users whose primary group ID differs from their UID. The vulnerability, identified as CVE-2026-6970, can lead to local privilege escalation, as well as creating files and directories with incorrect group ownership, potentially granting unintended access to other local users. The vulnerability has been fixed in authd versions \u0026gt;= 0.6.4.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eUser is created with authd \u0026lt; 0.5.4, resulting in a UID != GID, or an existing user\u0026rsquo;s primary group is manually modified using \u003ccode\u003eauthctl group set-gid\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eUser information is changed in the identity provider, triggering a user record update upon login.\u003c/li\u003e\n\u003cli\u003eThe affected user logs in.\u003c/li\u003e\n\u003cli\u003eauthd incorrectly sets the user\u0026rsquo;s primary group ID to their UID instead of the correct GID.\u003c/li\u003e\n\u003cli\u003eUser attempts to create a new file or directory.\u003c/li\u003e\n\u003cli\u003eThe newly created file or directory is assigned the incorrect group ownership (UID instead of GID).\u003c/li\u003e\n\u003cli\u003eAnother local user, who is a member of the correct GID, attempts to access the file.\u003c/li\u003e\n\u003cli\u003eThe second local user may gain unintended access to the file due to the incorrect group ownership, potentially leading to unauthorized information disclosure or modification.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThis vulnerability can result in local privilege escalation if users gain access to files or directories they should not have access to. It can also lead to data breaches if sensitive information is exposed due to incorrect file permissions. The number of affected users depends on the deployment of authd and the number of users whose primary group ID differs from their UID. If exploited, the impact could range from unauthorized access to sensitive data to complete system compromise depending on the permissions granted to the incorrectly owned files.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade authd to version 0.6.4 or later to remediate CVE-2026-6970.\u003c/li\u003e\n\u003cli\u003eUse the provided script from the advisory to correct the primary group ID of all authd users and update file ownership in the home directory, referencing the script provided in the Overview.\u003c/li\u003e\n\u003cli\u003eAfter applying the fix, force affected users to log out and log back in using \u003ccode\u003esudo loginctl terminate-user \u0026quot;$user\u0026quot;\u003c/code\u003e to ensure the changes are reflected, referencing the command in the Overview.\u003c/li\u003e\n\u003cli\u003eMonitor authd logs for instances of \u003ccode\u003eauthctl group set-gid\u003c/code\u003e being executed by unauthorized users.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-03T12:00:00Z","date_published":"2024-01-03T12:00:00Z","id":"/briefs/2024-01-authd-gid-mismatch/","summary":"authd 0.6.0 contains a bug that leads to an incorrect primary group ID being set to the user's UID, potentially leading to local privilege escalation and incorrect file ownership, fixed in authd \u003e= 0.6.4.","title":"authd Incorrect Primary Group ID Vulnerability","url":"https://feed.craftedsignal.io/briefs/2024-01-authd-gid-mismatch/"}],"language":"en","title":"CraftedSignal Threat Feed — Authd","version":"https://jsonfeed.org/version/1.1"}