CVE-2017-12424

Name of the Vulnerable Software and Affected Versions shadow versions prior to 4.5

Description The issue is related to the newusers tool in the shadow utility, which can be manipulated with malformed input, leading to crashes or unspecified behaviors due to buffer overflow or memory corruption. This can cross a privilege boundary, particularly in web-hosting environments where an unprivileged user can create subaccounts through a Control Panel. The exploitation of this issue may allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service.

Recommendations For shadow versions prior to 4.5, consider restricting access to the newusers tool to prevent unintended manipulation of internal data structures until a fixed version is available. As a temporary workaround, limit the creation of subaccounts in web-hosting environments to minimize the risk of exploitation.