3.3 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:N/I:P/A:P
4.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
0.0005 Low
EPSS
Percentile
17.4%
shadow: TOCTOU (time-of-check time-of-use) race condition when copying and
removing directory trees
Author | Note |
---|---|
ccdm94 | The original issue associated with this CVE is issue 317, which provides a fix through commit dcca865. However, another pull request which references this issue was opened at a later date, this being PR 545. This pull request is said to actually address the issue while commit dcca865 was only a work around to the problem. Additionally, from the first comment that can be seen in PR 483, it seems like commit b447216 is also needed in order to completely fix this issue. Three commits fixing regressions introduced by one of the fix commits have been added after release 4.12.2, which is considered by upstream as the fixed release. These commit are: f3bdb28, 10cd68e and cde221b. They are a part of version 4.13 of shadow. One of the commits that needs to be applied in order to fix this CVE introduces a regression in focal and earlier, as seen by launchpad bug 1998169. The commit which seems to cause the issue is commit f3bdb28. Flag AT_SYMLINK_NOFOLLOW is not implemented in the kernel for function fchmodat, and, for focal and earlier, glibc does not contain commit 752dd17443, which fixes this problem. Therefore, useradd was not behaving correctly in focal and earlier once the fix for this issue was applied. |
bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169
github.com/shadow-maint/shadow/issues/317
github.com/shadow-maint/shadow/pull/545
launchpad.net/bugs/cve/CVE-2013-4235
nvd.nist.gov/vuln/detail/CVE-2013-4235
security-tracker.debian.org/tracker/CVE-2013-4235
ubuntu.com/security/notices/USN-5745-1
ubuntu.com/security/notices/USN-5745-2
www.cve.org/CVERecord?id=CVE-2013-4235
3.3 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:N/I:P/A:P
4.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
0.0005 Low
EPSS
Percentile
17.4%