PT-2018-1953 · Suse · Shadow+1

Published: 2018-09-25 · Updated: 2019-10-03 · CVE-2018-16588

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SUSE shadow versions 4.2.1-27.9.1 through 4.5-5.39 for SUSE Linux Enterprise 12 and 15

Description

The issue is related to errors in access control in the useradd function of the SUSE shadow utility. This can allow an attacker to escalate their privileges. Local attackers might exploit this issue by utilizing world-writable directories created during user creation, potentially leading to privilege escalation and other unspecified attacks.

Recommendations

For SUSE Linux Enterprise 12, update the shadow package to a version later than 4.2.1-27.9.1. For SUSE Linux Enterprise 15, update the shadow package to a version later than 4.5-5.39. As a temporary workaround, consider restricting access to the useradd function until a patch is available.

Fix

Incorrect Permission

Weakness Enumeration

Related Identifiers

BDU:2018-01560
CVE-2018-16588
OPENSUSE-SU-2018_2852-1
OPENSUSE-SU-2018_2885-1

Affected Products

Suse
Shadow