Gnu · Shadow · CVE-2018-7169
**Name of the Vulnerable Software and Affected Versions**
shadow version 4.5
**Description**
An issue in the shadow utility allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted, enabling an attacker to remove themselves from a supplementary group. This may allow access to certain filesystem paths if the administrator has used group blacklisting to restrict access. The flaw reverts a security feature in the kernel to prevent privilege escalation.
**Recommendations**
For shadow version 4.5, at the moment, there is no information about a newer version that contains a fix for this vulnerability.