5 results (0.007 seconds)

CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 1

There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process. Se presenta un posible secuestro de tty en shadow versiones 4.x anteriores a 4.1.5 y sudo versiones 1.x anteriores a 1.7.4 por medio de "su - user -c program". La sesión de usuario puede ser escapada a la sesión principal mediante el uso de la ioctl TIOCSTI para insertar caracteres en el búfer de entrada para ser leídos por el siguiente proceso. • http://www.openwall.com/lists/oss-security/2012/11/06/8 http://www.openwall.com/lists/oss-security/2013/05/20/3 http://www.openwall.com/lists/oss-security/2013/11/28/10 http://www.openwall.com/lists/oss-security/2013/11/29/5 http://www.openwall.com/lists/oss-security/2014/10/20/9 http://www.openwall.com/lists/oss-security/2014/10/21/1 http://www.openwall.com/lists/oss-security/2014/12/15/5 http://www.openwall.com/lists/oss-security/201 • CWE-20: Improper Input Validation •

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0

Privilege escalation can occur in the SUSE useradd.c code in useradd, as distributed in the SUSE shadow package through 4.2.1-27.9.1 for SUSE Linux Enterprise 12 (SLE-12) and through 4.5-5.39 for SUSE Linux Enterprise 15 (SLE-15). Non-existing intermediate directories are created with mode 0777 during user creation. Given that they are world-writable, local attackers might use this for privilege escalation and other unspecified attacks. NOTE: this would affect non-SUSE users who took useradd.c code from a 2014-04-02 upstream pull request; however, no non-SUSE distribution is known to be affected. Puede ocurrir un escalado de privilegios en el código SUSE useradd en useradd.c, tal y como se distribuye en el paquete SUSE shadow hasta la versión 4.2.1-27.9.1 para SUSE Linux Enterprise 12 (SLE-12) y hasta la versión 4.5-5.39 para SUSE Linux Enterprise 15 (SLE-15). • http://lists.opensuse.org/opensuse-security-announce/2018-09/msg00073.html • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts. En las versiones de Shadow anteriores a la 4.5, la herramienta newusers podría utilizarse para manipular estructuras de datos internas de formas no permitidas por los desarrolladores. Las entradas manipuladas podrían llevar a caídas (con un desbordamiento de búfer u otros tipos de corrupción de memoria) o a otro tipo de comportamiento sin especificar. • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756630 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1266675 https://github.com/shadow-maint/shadow/commit/954e3d2e7113e9ac06632aee3c69b8d818cc8952 https://lists.debian.org/debian-lts-announce/2021/03/msg00020.html https://security.gentoo.org/glsa/201710-16 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 3.7EPSS: 0%CPEs: 8EXPL: 0

useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows attackers to read or modify the mailbox. • ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc http://cvs.pld.org.pl/shadow/NEWS?rev=1.109 http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html http://secunia.com/advisories/20370 http://secunia.com/advisories/20506 http://secunia.com/advisories/25098 http://secunia.com/advisories/25267 http://secunia.com/advisories/25629 http://secunia.com/advisories/25894 http://secunia.com/advisories/25896 http://secunia.com/advisories • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0

Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, and possibly other versions before 4.0.5, allows local users to conduct unauthorized activities when an error from a pam_chauthtok function call is not properly handled. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000894 http://secunia.com/advisories/13028 http://www.debian.org/security/2004/dsa-585 https://exchange.xforce.ibmcloud.com/vulnerabilities/17902 •