Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200606-02
HistoryJun 07, 2006 - 12:00 a.m.

shadow: Privilege escalation

2006-06-0700:00:00
Gentoo Foundation
security.gentoo.org
15

3.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

50.8%

JSON

Background

shadow provides a set of utilities to deal with user accounts.

Description

When the mailbox is created in useradd, the “open()” function does not receive the three arguments it expects while O_CREAT is present, which leads to random permissions on the created file, before fchmod() is executed.

Impact

Depending on the random permissions given to the mailbox file which is at this time owned by root, a local user may be able to open this file for reading or writing, or even executing it, maybe as the root user.

Workaround

There is no known workaround at this time.

Resolution

All shadow users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=sys-apps/shadow-4.0.15-r2"
OSVersionArchitecturePackageVersionFilename
Gentooanyallsys-apps/shadow< 4.0.15-r2UNKNOWN

Related

oraclelinux 1
nessus 11
cert 1
debiancve 1
centos 2
prion 1
cve 1
openvas 2
ubuntucve 1
redhat 2
securityvulns 1
vmware 1
oraclelinux
oraclelinux
Low: shadow-utils security and bug fix update
2007-05-17 00:00:00
nessus
nessus
CentOS 3 : shadow-utils (CESA-2007:0431)
2007-06-14 00:00:00
GLSA-200606-02 : shadow: Privilege escalation
2006-06-08 00:00:00
RHEL 3 : shadow-utils (RHSA-2007:0431)
2007-06-12 00:00:00
cert
cert
Shadow Utils useradd utility sets incorrect file permissions
2007-12-14 00:00:00
debiancve
debiancve
CVE-2006-1174
2006-05-28 23:02:00
centos
centos
shadow security update
2007-05-02 08:58:02
shadow security update
2007-06-11 21:08:22
prion
prion
Open redirect
2006-05-28 23:02:00
cve
cve
CVE-2006-1174
2006-05-28 23:02:00
openvas
openvas
Gentoo Security Advisory GLSA 200606-02 (shadow)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200606-02 (shadow)
2008-09-24 00:00:00
ubuntucve
ubuntucve
CVE-2006-1174
2006-05-28 00:00:00
redhat
redhat
(RHSA-2007:0276) Low: shadow-utils security and bug fix update
2007-05-01 00:00:00
(RHSA-2007:0431) Low: shadow-utils security and bug fix update
2007-06-11 13:45:45
securityvulns
securityvulns
VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player
2007-09-21 00:00:00
vmware
vmware
Updated versions of all supported hosted products and all ESX 2x products and patches for ESX 30x address critical security updates. Service Console security updates for samba, bind, krb5, vixie-cron, shadow-utils, openldap, pam, gcc, and gdb packages.
2007-09-18 00:00:00

3.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

50.8%

JSON
Related for GLSA-200606-02
oraclelinux1nessus11cert1debiancve1centos2prion1cve1openvas2ubuntucve1redhat2securityvulns1vmware1