Shadow: Buffer overflow — GLSA 201710-16

A vulnerability found in Shadow may allow remote attackers to cause a Denial of Service condition or produce other unspecified behaviors.

Affected packages

sys-apps/shadow on all architectures
Affected versions < 4.5
Unaffected versions >= 4.5

Background

Shadow is a set of tools to deal with user accounts.

Description

Malformed input in the newusers tool may produce crashes and other unspecified behaviors.

Impact

A remote attacker could possibly cause a Denial of Service condition or bypass privilege boundaries in some web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts.

Workaround

There is no known workaround at this time.

Resolution

All Shadow users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=sys-apps/shadow-4.5"
 

References

Release date
October 15, 2017

Latest revision
October 15, 2017: 1

Severity
normal

Exploitable
remote

Bugzilla entries