NotCVE - vendor:"Shadow Project" product:"Shadow" version:"4.5"

2 results (0.005 seconds)

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0

CVE-2018-16588

https://notcve.org/view.php?id=CVE-2018-16588

Privilege escalation can occur in the SUSE useradd.c code in useradd, as distributed in the SUSE shadow package through 4.2.1-27.9.1 for SUSE Linux Enterprise 12 (SLE-12) and through 4.5-5.39 for SUSE Linux Enterprise 15 (SLE-15). Non-existing intermediate directories are created with mode 0777 during user creation. Given that they are world-writable, local attackers might use this for privilege escalation and other unspecified attacks. NOTE: this would affect non-SUSE users who took useradd.c code from a 2014-04-02 upstream pull request; however, no non-SUSE distribution is known to be affected. Puede ocurrir un escalado de privilegios en el código SUSE useradd en useradd.c, tal y como se distribuye en el paquete SUSE shadow hasta la versión 4.2.1-27.9.1 para SUSE Linux Enterprise 12 (SLE-12) y hasta la versión 4.5-5.39 para SUSE Linux Enterprise 15 (SLE-15). • http://lists.opensuse.org/opensuse-security-announce/2018-09/msg00073.html • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1

CVE-2018-7169

https://notcve.org/view.php?id=CVE-2018-7169

An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used "group blacklisting" (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation. Se ha descubierto un problema en shadow 4.5. newgidmap (en shadow-utils) es setuid y permite que un usuario no privilegiado se coloque en un espacio de nombres de usuario en el que setgroups(2) está permitido. Esto permite que un atacante se autoelimine de un grupo suplementario, lo que podría permitir el acceso a ciertas rutas del sistema de archivos si el administrador ha empleado "listas negras de grupos" (por ejemplo, chmod g-rwx) para restringir el acceso a las rutas. • https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357 https://security.gentoo.org/glsa/201805-09 • CWE-732: Incorrect Permission Assignment for Critical Resource •