Uploaded image for project: 'Funtoo Linux'
  1. Funtoo Linux
  2. FL-5199

Shadow: security bypass — GLSA 201805-09

XMLWordPrintable

    • Icon: Security Vulnerability Security Vulnerability
    • Resolution: Fixed
    • Icon: Severe (Ebuild) Severe (Ebuild)
    • None
    • None
    • None

      A vulnerability found in Shadow may allow local attackers to bypass security restrictions.

      Affected Packages

      Package sys-apps/shadow on all architectures
      Affected versions < 4.6
      Unaffected versions >= 4.6

      Background

      Shadow is a set of tools to deal with user accounts.

      Description

      A local attacker could possibly bypass security restrictions if an administrator used “group blacklisting” to restrict access to file system paths.

      Impact

      A local attacker could possibly bypass security restrictions.
      Workaround

      There is no known workaround at this time.

      Resolution

      All shadow users should upgrade to the latest version:

      1. emerge --sync
      2. emerge --ask --oneshot --verbose ">=sys-apps/shadow-4.6"

      References

      CVE-2018-7169

            Unassigned Unassigned
            palica Pavol Cupka
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: