A vulnerability found in Shadow may allow local attackers to bypass security restrictions.
Package | sys-apps/shadow on all architectures |
---|---|
Affected versions | < 4.6 |
Unaffected versions | >= 4.6 |
Shadow is a set of tools to deal with user accounts.
A local attacker could possibly bypass security restrictions if an administrator used “group blacklisting” to restrict access to file system paths.
A local attacker could possibly bypass security restrictions.
There is no known workaround at this time.
All shadow users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=sys-apps/shadow-4.6"
Release date
May 22, 2018
Latest revision
May 22, 2018: 1
Severity
normal
Exploitable
remote
Bugzilla entries