Shadow
CVE-2018-16588
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Privilege escalation can occur in the SUSE useradd.c code in useradd, as distributed in the SUSE shadow package through 4.2.1-27.9.1 for SUSE Linux Enterprise 12 (SLE-12) and through 4.5-5.39 for SUSE Linux Enterprise 15 (SLE-15). Non-existing intermediate directories are created with mode 0777 during user creation. Given that they are world-writable, local attackers might use this for privilege escalation and other unspecified attacks. NOTE: this would affect non-SUSE users who took useradd.c code from a 2014-04-02 upstream pull request; however, no non-SUSE distribution is known to be affected.
AnalysisAI
Privilege escalation can occur in the SUSE useradd.c code in useradd, as distributed in the SUSE shadow package through 4.2.1-27.9.1 for SUSE Linux Enterprise 12 (SLE-12) and through 4.5-5.39 for. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Incorrect Permission Assignment (CWE-732), which allows attackers to access resources due to misconfigured permissions. Privilege escalation can occur in the SUSE useradd.c code in useradd, as distributed in the SUSE shadow package through 4.2.1-27.9.1 for SUSE Linux Enterprise 12 (SLE-12) and through 4.5-5.39 for SUSE Linux Enterprise 15 (SLE-15). Non-existing intermediate directories are created with mode 0777 during user creation. Given that they are world-writable, local attackers might use this for privilege escalation and other unspecified attacks. NOTE: this would affect non-SUSE users who took useradd.c code from a 2014-04-02 upstream pull request; however, no non-SUSE distribution is known to be affected. Affected products include: Suse Shadow. Version information: through 4.2.1.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Review and restrict file/resource permissions, apply principle of least privilege.
shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain
In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the a
An issue was discovered in shadow 4.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no
The network protocol of Blade Shadow though 2.13.3 allows remote attackers to take control of a Shadow instance and exec
Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap. Rated high severi
In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger
Same technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today