
CVSS: 9.8 | EPSS: 0% | CPEs: 2 | EXPL: 0

In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts.

• https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756630
• https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1266675
• https://github.com/shadow-maint/shadow/commit/954e3d2e7113e9ac06632aee3c69b8d818cc8952
• https://lists.debian.org/debian-lts-announce/2021/03/msg00020.html
• https://security.gentoo.org/glsa/201710-16

• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap.

• http://www.debian.org/security/2017/dsa-3793
• http://www.openwall.com/lists/oss-security/2016/07/19/6
• http://www.openwall.com/lists/oss-security/2016/07/19/7
• http://www.openwall.com/lists/oss-security/2016/07/20/2
• http://www.openwall.com/lists/oss-security/2016/07/25/7
• http://www.securityfocus.com/bid/92055
• https://bugzilla.suse.com/show_bug.cgi?id=979282
• https://github.com/shadow-maint/shadow/issues/27
• https://security.gentoo.org/glsa/201706-02

• CWE-190: Integer Overflow or Wraparound