PT-2018-1953 · Suse · Shadow

Published 2018-09-25 · Updated 2019-10-03 · CVE-2018-16588

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

SUSE shadow versions 4.2.1-27.9.1 through 4.5-5.39 for SUSE Linux Enterprise 12 and 15

Description

The issue is related to errors in access control in the useradd function of the SUSE shadow utility. This can allow an attacker to escalate their privileges. Local attackers might exploit this issue by utilizing world-writable directories created during user creation, potentially leading to privilege escalation and other unspecified attacks.

Recommendations

For SUSE Linux Enterprise 12, update the shadow package to a version later than 4.2.1-27.9.1. For SUSE Linux Enterprise 15, update the shadow package to a version later than 4.5-5.39. As a temporary workaround, consider restricting access to the useradd function until a patch is available.
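After updating, directories left behind by earlier user creation still carry their old permissions. The following audit is an added example, not part of the advisory or of the shadow package: it flags world-writable directories without the sticky bit on the path to each account's home directory. It assumes the directories of interest are the home directory and its parents (the advisory does not say which directories are affected) and that regular accounts start at UID 1000; `home_dirs`, `risky_dirs` and `audit` are names chosen here.

```python
import os
import stat

def home_dirs(passwd_text, min_uid=1000):
    """Yield (user, home) for accounts in passwd(5)-format text with uid >= min_uid.
    min_uid=1000 is an assumed threshold for regular accounts."""
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 7 or not fields[2].isdigit():
            continue
        if int(fields[2]) >= min_uid and fields[5].startswith("/"):
            yield fields[0], fields[5]

def risky_dirs(home, stop_at="/"):
    """Return (path, mode) for home and each ancestor up to stop_at that is
    world-writable without the sticky bit."""
    findings = []
    path, stop = os.path.normpath(home), os.path.normpath(stop_at)
    while True:
        try:
            st = os.lstat(path)  # lstat: never follow a symlink placed in the chain
        except OSError:
            st = None  # missing or unreadable component: nothing to report
        if st is not None and stat.S_ISDIR(st.st_mode):
            mode = stat.S_IMODE(st.st_mode)
            if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
                findings.append((path, oct(mode)))
        parent = os.path.dirname(path)
        if path == stop or parent == path:
            break
        path = parent
    return findings

def audit(passwd_text, stop_at="/", min_uid=1000):
    """Map each user to the risky directories on the way to their home."""
    report = {}
    for user, home in home_dirs(passwd_text, min_uid):
        found = risky_dirs(home, stop_at)
        if found:
            report[user] = found
    return report

if __name__ == "__main__":
    with open("/etc/passwd") as fh:
        for user, found in audit(fh.read()).items():
            for path, mode in found:
                print(f"{user}: {path} is world-writable without sticky bit ({mode})")
```

Each reported directory needs a manual review of ownership and mode before it is tightened, since some may be shared on purpose.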

Fix

Incorrect Permission


Weakness Enumeration

Related Identifiers

BDU:2018-01560
CVE-2018-16588
OPENSUSE-SU-2018_2852-1
OPENSUSE-SU-2018_2885-1

Affected Products

Suse
Shadow