Vulnerability CVE-2016-6252: Information

Description

Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap.

Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2016-6252

Published: Feb. 17, 2017

Modified: Nov. 4, 2017

Error type identifier: CWE-190

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
shadow	sisyphus	4.4-alt1	4.15.1-alt2	ALT-PU-2017-1251-1	179282	Fixed
shadow	p10	4.4-alt1	4.5-alt11	ALT-PU-2017-1251-1	179282	Fixed
shadow	p9	4.4-alt1	4.5-alt8	ALT-PU-2017-1251-1	179282	Fixed
shadow	p8	4.2.1-alt7.M80P.1	4.2.1-alt7.M80P.1	ALT-PU-2017-1277-1	179286	Fixed
shadow	c10f1	4.4-alt1	4.5-alt9	ALT-PU-2017-1251-1	179282	Fixed
shadow	c9f2	4.4-alt1	4.5-alt5	ALT-PU-2017-1251-1	179282	Fixed
shadow	p11	4.4-alt1	4.15.1-alt1	ALT-PU-2017-1251-1	179282	Fixed

Hyperlink	Resource
https://github.com/shadow-maint/shadow/issues/27	Issue Tracking Patch Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=979282	Issue Tracking Patch
[oss-security] 20160725 Re: Re: [Pkg-shadow-devel] subuid security patches for shadow package	Mailing List Patch Third Party Advisory
[oss-security] 20160720 Re: subuid security patches for shadow package	Mailing List Third Party Advisory
[oss-security] 20160719 Re: subuid security patches for shadow package	Mailing List Third Party Advisory
[oss-security] 20160719 subuid security patches for shadow package	Mailing List Third Party Advisory
92055	Third Party Advisory VDB Entry
GLSA-201706-02
DSA-3793

Affected configurations:
1. Configuration 1
  cpe:2.3:a:shadow_project:shadow:4.2.1:*:*:*:*:*:*:*

Version: v24.5.3