Shadow
CVE-2016-6252
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap.
AnalysisAI
Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Technical ContextAI
This vulnerability is classified as Integer Overflow (CWE-190), which allows attackers to cause unexpected behavior through arithmetic overflow. Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap. Affected products include: Shadow Project Shadow.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Validate arithmetic operations, use safe integer libraries, check bounds before allocation.
shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain
In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the a
An issue was discovered in shadow 4.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no
The network protocol of Blade Shadow though 2.13.3 allows remote attackers to take control of a Shadow instance and exec
Privilege escalation can occur in the SUSE useradd.c code in useradd, as distributed in the SUSE shadow package through
In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger
Same weakness CWE-190 – Integer Overflow or Wraparound
View allSame technique Integer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today