25 matches found

Tenable Nessus
added 2025/11/13 12:0 a.m. · 2 views

Siemens SIMATIC S7-1500 Initialization of a Resource with an Insecure Default (CVE-2024-56433)

shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by...

3.6 CVSS · 6.5 AI score · 0.05999 EPSS
Exploits 0 · References 3
Microsoft CVE
added 2025/09/04 4:50 a.m. · 5 views

shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.

...

3.6 CVSS · 7 AI score · 0.05999 EPSS
Exploits 0
RedhatCVE
added 2024/12/26 9:53 a.m. · 11 views

CVE-2024-56433

shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by...

3.6 CVSS · 6.8 AI score · 0.05999 EPSS
Exploits 0 · References 6
OSV
added 2024/12/26 9:15 a.m. · 2 views

DEBIAN-CVE-2024-56433

shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by...

3.6 CVSS · 5.4 AI score · 0.05999 EPSS
Exploits 0 · References 1
OSV
added 2024/12/26 9:15 a.m. · 2 views

AZL-54674 CVE-2024-56433 affecting package shadow-utils for versions less than shadow-utils_4.18.0

shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by...

3.6 CVSS · 6.8 AI score · 0.05999 EPSS
Exploits 0 · References 1
OSV
added 2024/12/26 9:15 a.m. · 0 views

UBUNTU-CVE-2024-56433

shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by...

3.6 CVSS · 6.9 AI score · 0.05999 EPSS
Exploits 0 · References 4
SUSE CVE
added 2023/02/15 4:59 a.m. · 1 views

SUSE CVE-2016-6252

Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap...

7.8 CVSS · 7.4 AI score · 0.00103 EPSS
Exploits 0 · References 25
Tenable Nessus
added 2020/10/21 12:0 a.m. · 35 views

EulerOS Virtualization 3.0.2.2 : shadow-utils (EulerOS-SA-2020-2198)

According to the version of the shadow-utils package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap. (CVE-2016-6252) Note that...

7.8 CVSS · 7.2 AI score · 0.00103 EPSS
Exploits 0 · References 2
OpenVAS
added 2020/07/03 12:0 a.m. · 22 views

Huawei EulerOS: Security Advisory for shadow-utils (EulerOS-SA-2020-1759)

The remote host is missing an update for the Huawei EulerOS...

7.8 CVSS · 6.2 AI score · 0.00103 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2020/03/13 12:0 a.m. · 31 views

EulerOS Virtualization for ARM 64 3.0.2.0 : shadow-utils (EulerOS-SA-2020-1237)

According to the version of the shadow-utils package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap. (CVE-2016-6252)...

7.8 CVSS · 7.1 AI score · 0.00103 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2019/12/18 12:0 a.m. · 22 views

EulerOS 2.0 SP3 : shadow-utils (EulerOS-SA-2019-2662)

According to the version of the shadow-utils package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap. (CVE-2016-6252) Note that Tenable Network...

7.8 CVSS · 7.3 AI score · 0.00103 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2019/12/04 12:0 a.m. · 27 views

EulerOS 2.0 SP2 : shadow-utils (EulerOS-SA-2019-2427)

According to the versions of the shadow-utils package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed...

9.8 CVSS · 6.8 AI score · 0.00583 EPSS
Exploits 0 · References 3
Tenable Nessus
added 2019/11/08 12:0 a.m. · 53 views

EulerOS 2.0 SP5 : shadow-utils (EulerOS-SA-2019-2188)

According to the version of the shadow-utils package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap. (CVE-2016-6252) Note that Tenable Network...

7.8 CVSS · 7.3 AI score · 0.00103 EPSS
Exploits 0 · References 2
Exploit DB
added 2018/11/29 12:0 a.m. · 890 views

Linux - Nested User Namespace idmap Limit Local Privilege Escalation (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Linux Nested User Namespace idmap Limit Local Privilege Escalation', 'Description' = %q This module exploits a vulnerability in Linux kernels...

7 CVSS · 7.1 AI score · 0.09568 EPSS
Exploits 24
exploitpack
added 2018/11/21 12:0 a.m. · 57 views

Linux Kernel 4.15.x 4.19.2 - map_write() CAP_SYS_ADMIN Local Privilege Escalation (ldpreload Method)

Linux Kernel 4.15.x 4.19.2 - mapwrite CAPSYSADMIN Local Privilege Escalation ldpreload Method !/bin/sh EDB Note: Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47166.zip wrapper for Jann Horn's exploit for CVE-2018-18955 uses ld.so.preload technique --...

4.4 CVSS · 0.7 AI score · 0.09568 EPSS
Exploits 24
OSV
added 2017/02/17 5:59 p.m. · 2 views

DEBIAN-CVE-2016-6252

Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap...

7.8 CVSS · 7.7 AI score · 0.00103 EPSS
Exploits 0 · References 1
Prion
added 2017/02/17 5:59 p.m. · 23 views

Integer overflow

Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap...

4.6 CVSS · 7.1 AI score · 0.00103 EPSS
Exploits 0 · References 9 · Affected Software 1
NVD
added 2017/02/17 5:59 p.m. · 26 views

CVE-2016-6252

Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap...

7.8 CVSS · 7.7 AI score · 0.00103 EPSS
Exploits 0 · References 9
OSV
added 2017/02/17 5:59 p.m. · 24 views

CVE-2016-6252

Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap...

7.8 CVSS · 6.8 AI score
Exploits 0 · References 9
Cvelist
added 2017/02/17 5:0 p.m. · 24 views

CVE-2016-6252

Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap...

7.8 AI score · 0.00103 EPSS
Exploits 0 · References 9