Описание
In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts.
A buffer overflow flaw leading to heap memory corruption was found in the shadow-utils's newusers utility. A local, authenticated attacker could potentially use this flaw to crash the newusers process by supplying crafted data to it.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | shadow-utils | Not affected | ||
| Red Hat Enterprise Linux 6 | shadow-utils | Not affected | ||
| Red Hat Enterprise Linux 7 | shadow-utils | Not affected |
Показывать по
Дополнительная информация
Статус:
4.5 Medium
CVSS3
Связанные уязвимости
In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts.
In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts.
In shadow before 4.5, the newusers tool could be made to manipulate in ...
4.5 Medium
CVSS3