shadow setuid Failure Local Privilege Escalation

2006-07-05T12:18:59
ID OSVDB:26995
Type osvdb
Reporter Ilja van Sprundel()
Modified 2006-07-05T12:18:59

Description

Vulnerability Description

Shadow contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when passwd, called with the -f, -g, or -s option, did not check the result of the 'setuid' call. This flaw may lead to a loss of Confidentiality and Integrity.

Solution Description

Upgrade to version 4.0.14 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Shadow contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when passwd, called with the -f, -g, or -s option, did not check the result of the 'setuid' call. This flaw may lead to a loss of Confidentiality and Integrity.

References:

Vendor Specific Advisory URL Secunia Advisory ID:20950 Secunia Advisory ID:20966 CVE-2006-3378 Bugtraq ID: 18850