CVE-2019-19882

Name of the Vulnerable Software and Affected Versions shadow version 4.8

Description The issue allows local users to obtain root access due to misconfigured setuid programs. This specifically affects shadow 4.8 when compiled with --with-libpam but without --disable-account-tools-setuid and without a suitable PAM configuration for setuid account management tools. As a result, account management tools such as groupadd, groupdel, groupmod, useradd, userdel, and usermod can be used by unprivileged local users to escalate privileges to root in multiple ways.

Recommendations For shadow version 4.8, consider recompiling with --disable-account-tools-setuid or ensure a suitable PAM configuration is in place for use with setuid account management tools to prevent privilege escalation. As a temporary workaround, consider restricting access to the account management tools until a properly configured version is available.