RLSA-2025:20145 Low: shadow-utils security update
The shadow-utils packages include programs for converting UNIX password files to the shadow password format, as well as utilities for managing user and group accounts. Security Fixes: shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise (CVE-2024-56433). For...
AlmaLinux 10 : shadow-utils (ALSA-2025:20145)
The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:20145 advisory. shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise (CVE-2024-56433). Tenable has extracted the preceding description blo...
RockyLinux 9 : shadow-utils (RLSA-2025:20559)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:20559 advisory. shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise (CVE-2024-56433). Tenable has extracted the preceding description blo...
shadow-utils security update
An update is available for shadow-utils. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The shadow-utils packages include programs for converting UNIX password...
RLSA-2025:20559 Low: shadow-utils security update
The shadow-utils packages include programs for converting UNIX password files to the shadow password format, as well as utilities for managing user and group accounts. Security Fixes: shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise (CVE-2024-56433). For...
AlmaLinux 9 : shadow-utils (ALSA-2025:20559)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:20559 advisory. shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise (CVE-2024-56433). Tenable has extracted the preceding description bloc...
Low: Red Hat Security Advisory: shadow-utils security update
An update for shadow-utils is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...
Low: Red Hat Security Advisory: shadow-utils security update
An update for shadow-utils is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
RHEL 9 : shadow-utils (RHSA-2025:20559)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:20559 advisory. The shadow-utils packages include programs for converting UNIX password files to the shadow password format, as well as utilities for managing user...
RHEL 10 : shadow-utils (RHSA-2025:20145)
The remote Red Hat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:20145 advisory. The shadow-utils packages include programs for converting UNIX password files to the shadow password format, as well as utilities for managing user...
ALSA-2025:20559 Low: shadow-utils security update
The shadow-utils packages include programs for converting UNIX password files to the shadow password format, as well as utilities for managing user and group accounts. Security Fixes: shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise (CVE-2024-56433). For...
CVE-2024-56433 affecting package shadow-utils for versions less than shadow-utils_4.18.0
CVE-2024-56433 affecting package shadow-utils for versions less than shadow-utils4.18.0. A patched version of the package is available...
Linux Distros Unpatched Vulnerability : CVE-2024-56433
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can...
CVE-2024-56433
shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by...
CVE-2024-56433
shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by...
CVE-2024-56433
shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by...
CVE-2024-56433
shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by...
CVE-2024-56433
creationtimestamp| type| source
---|---|---
2024-12-26 08:41:54+00:00| seen| https://infosec.exchange/users/cve/statuses/113718231978557868
2024-12-26 09:15:31+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3le756uffwm2m
2024-12-26 10:43:06+00:00| seen|...
CVE-2024-56433
shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by...
CVE-2024-56433
CVE-2024-56433 affects shadow-utils (shadow) 4.4–4.17.0, which uses a default /etc/subuid range (e.g., UID 100000–165535) that can clash with locally defined UIDs. The documented impact is potential account takeover via newuidmap access to local or same-host resources (e.g., NFS home directories)...